spotify-player

SUSPICIOUS: The skill’s capabilities broadly match Spotify terminal control, but it relies on third-party CLIs and explicitly imports browser cookies into one of them. That makes the main risk credential/session exposure to external tooling rather than clear malicious behavior or off-purpose exfiltration.