Is sonoscli safe?

https://clawhub.ai/steipete/sonoscli

Overall score: 88 (SAFE)

sonoscli is a clean, minimal skill that wraps a Go CLI tool for controlling Sonos speakers on the local network. The SKILL.md contains no prompt injection, data exfiltration attempts, or malicious patterns. The primary trust consideration is the Go binary installed from GitHub (github.com/steipete/sonoscli), which is a standard supply-chain dependency. All monitoring — network, filesystem, process, and canary — showed no suspicious behavior during installation.

Category Scores

Prompt Injection: 90/100 (weight 30%)
Data Exfiltration: 85/100 (weight 25%)
Code Execution: 82/100 (weight 20%)
Clone Behavior: 95/100 (weight 10%)
Canary Integrity: 100/100 (weight 10%)
Behavioral Reasoning: 78/100 (weight 5%)

Findings (5)

LOW: Remote Go binary installation (-8)

The skill's install metadata instructs running "go install github.com/steipete/sonoscli/cmd/sonos@latest", which fetches and compiles a Go binary from GitHub. The binary runs with the user's permissions and has local network access for Sonos SSDP discovery. This is expected behavior for the skill's purpose, but it represents a trust dependency on the upstream repository.

LOW: Optional Spotify API credentials referenced (-5)

SKILL.md mentions that Spotify Web API search requires the SPOTIFY_CLIENT_ID/SECRET environment variables. While this is standard documentation for an optional Spotify integration, an agent could inadvertently expose these values if asked to debug or configure the feature.

INFO: Clean SKILL.md with no injection patterns (0)

The SKILL.md is a straightforward CLI reference document. No prompt injection techniques, persona overrides, instruction suppressions, or hidden content were detected.

INFO: Local network scanning via SSDP (-5)

The "sonos discover" command performs SSDP multicast on the local network to find Sonos speakers. This is expected and necessary for the skill's purpose, but it reveals local network device information to the agent.

LOW: External homepage URL in metadata (-2)

The skill metadata includes "homepage: https://sonoscli.sh". While this is standard metadata and not an instruction to the agent, it could theoretically serve as a social engineering anchor if the agent were asked to "check the docs".