skills/steipete/clawdis/sonoscli/Gen Agent Trust Hub

sonoscli

Warn

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill installs the sonos binary using go install from github.com/steipete/sonoscli/cmd/sonos@latest. This repository is not on the pre-approved list of trusted GitHub organizations or repositories, making the dependency unverifiable via static analysis.
  • [COMMAND_EXECUTION] (LOW): The skill relies on executing the sonos CLI tool to perform actions like discovery, volume control, and grouping. This is consistent with its primary purpose but represents a capability that could be misused if coupled with malicious instructions.
  • [CREDENTIALS_UNSAFE] (SAFE): The documentation mentions the use of SPOTIFY_CLIENT_ID and SPOTIFY_SECRET for optional Spotify features. No hardcoded credentials were found; these are referenced as environment variables to be provided by the user.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 21, 2026, 03:19 AM