spotify-history
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses standard OAuth 2.0 flows for authentication. It provides a setup script that guides users to create their own developer application on Spotify's official dashboard.
- [SAFE]: Credentials and access tokens are stored locally with restricted permissions (chmod 600), ensuring only the user can read them. This is a recognized security best practice for local secret management.
- [SAFE]: All network requests are directed to official Spotify domains (api.spotify.com and accounts.spotify.com) for legitimate API operations. No unauthorized third-party communication was detected.
- [SAFE]: The skill uses standard Python libraries (urllib, json, os) and does not require external third-party dependencies, minimizing supply chain risks.
- [SAFE]: No evidence of prompt injection, obfuscation, or malicious execution patterns was found in the scripts or documentation.
Audit Metadata