Is spotify safe?
https://clawhub.ai/2mawi2/spotify
This is a legitimate Spotify playback control skill for macOS with no malicious intent. The primary security consideration is its reliance on osascript, a general-purpose macOS automation tool that could be abused if a prompt injection from another source takes control of the agent's instructions. Installation monitoring showed clean behaviour: no network activity, no access to canary files, and no suspicious filesystem changes.
Findings (4)
MEDIUM osascript execution capability -30
The skill instructs the agent to run osascript to send AppleScript commands to Spotify. The examples are scoped to Spotify playback, but osascript itself is not: AppleScript can drive any scriptable application, and its "do shell script" command runs arbitrary shell commands as the current user. Teaching an agent this pattern leaves a reusable, general-purpose execution primitive in its toolkit that a prompt injection from another source could redirect. One caveat for anyone assessing the blast radius: on current macOS, sending Apple Events to another application requires the calling process (the agent's host, typically the terminal) to have been granted Automation permission for that application, so the first use of Spotify control normally triggers a consent prompt, whereas "do shell script" needs no such grant. The practical mitigation is to keep the AppleScript fixed, an allowlist of playback verbs, and never let the agent compose scripts from free text.
LOW Third-party CLI installation via Homebrew -15
The skill requires installing shpotify via Homebrew, which introduces a third-party dependency. shpotify is a well-known open-source tool, but it remains a supply-chain dependency that could be compromised or replaced in the future. Before installing, review the formula with "brew cat shpotify" (it pins the upstream source URL and its sha256) and read the installed script itself, since shpotify is a shell wrapper that calls osascript on the agent's behalf.
LOW Web search instruction creates indirect injection surface -10
The skill instructs the agent to search the web for Spotify URLs. Anything the agent reads from search results is untrusted input, so attacker-controlled text in a result page or snippet could steer the agent's behaviour (indirect prompt injection). The risk is low because the search is narrowly scoped to open.spotify.com; it is lower still if the agent validates any URL it extracts against a strict open.spotify.com pattern before handing it to osascript, rather than trusting whatever string the search produced.
INFO Combination risk with other skills -5
Benign on its own, the osascript pattern this skill teaches could be leveraged by a malicious co-installed skill: content from that skill performing prompt injection could have the agent run arbitrary AppleScript or "do shell script" commands well beyond Spotify control, using the capability this skill has already normalised.
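The osascript and web-search findings above share one fix: the agent should only ever be able to trigger fixed AppleScript, and any URL it pulls from a search must be validated before it is interpolated into a script. The following allowlisting wrapper is an added example for this page; it is not code from the skill or from shpotify. The function names, the allowed verbs, the restriction to track/album/playlist links and the sample Spotify IDs in the usage note are all assumptions made for the illustration.

```shell
#!/bin/sh
# Hypothetical allowlisting wrapper for the pattern the skill teaches.
# Added example, not code from the skill or from shpotify. The agent is
# only ever given the verbs below; no free-form AppleScript or raw URL
# text reaches osascript unvalidated.

# Convert an open.spotify.com URL into a spotify: URI, or fail.
# Accepts only https://open.spotify.com/<track|album|playlist>/<id> where
# <id> is strictly alphanumeric, so a quote, backslash, newline or
# AppleScript fragment hidden in a URL from a web search cannot escape the
# string literal it is later interpolated into. Query strings are refused.
spotify_uri_from_url() {
    url=$1
    case "$url" in
        https://open.spotify.com/track/*)    kind=track;    id=${url#https://open.spotify.com/track/} ;;
        https://open.spotify.com/album/*)    kind=album;    id=${url#https://open.spotify.com/album/} ;;
        https://open.spotify.com/playlist/*) kind=playlist; id=${url#https://open.spotify.com/playlist/} ;;
        *) return 1 ;;
    esac
    [ -n "$id" ] || return 1
    case "$id" in
        *[!A-Za-z0-9]*) return 1 ;;   # any non-alphanumeric byte, including a newline, is rejected
    esac
    printf 'spotify:%s:%s\n' "$kind" "$id"
}

# Map an allowlisted verb to a fixed AppleScript line. Prints the script
# on success; returns 1 for anything not on the list, including raw
# AppleScript or a "do shell script" string handed in by a confused agent.
spotify_script() {
    case "$1" in
        play)     printf 'tell application "Spotify" to play\n' ;;
        pause)    printf 'tell application "Spotify" to pause\n' ;;
        next)     printf 'tell application "Spotify" to next track\n' ;;
        previous) printf 'tell application "Spotify" to previous track\n' ;;
        open)
            uri=$(spotify_uri_from_url "$2") || return 1
            printf 'tell application "Spotify" to open location "%s"\n' "$uri" ;;
        *) return 1 ;;
    esac
}

# Run the verb through osascript when on macOS; elsewhere just show what
# would be executed. Exit status 1 means the request was refused.
spotify_ctl() {
    script=$(spotify_script "$@") || { printf 'refused: %s\n' "$*" >&2; return 1; }
    if command -v osascript >/dev/null 2>&1; then
        osascript -e "$script"
    else
        printf 'would run: osascript -e %s\n' "$script"
    fi
}
```

Usage from the agent's side is limited to calls such as "spotify_ctl play" or "spotify_ctl open https://open.spotify.com/track/4uLU6hMCjMI75M1A2tKUQC" (a sample ID constructed for this note); a search result carrying something like https://open.spotify.com/track/abc" & (do shell script "id") & " is refused before osascript is ever invoked, as is any attempt to pass AppleScript text directly as the verb. The design choice worth noting is that the only variable data in the emitted script is rebuilt from validated parts (kind and alphanumeric id), so the AppleScript string literal can never be closed early by attacker-controlled input.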