Sonoscli

No changelog provided.

OpenClaw analysis

The skill's instructions match a Sonos CLI tool, but registry metadata omits the declared binary/install steps present in SKILL.md—this mismatch and the remote Go install warrant caution before installing or granting credentials.

Confidence: medium

VirusTotal

Type: OpenClaw Skill Name: sonoscli Version: 1.0.0 The skill bundle is benign. It installs the `sonoscli` tool from a public Go module (`github.com/steipete/sonoscli`) and provides instructions for controlling Sonos speakers. The `SKILL.md` mentions the optional requirement for `SPOTIFY_CLIENT_ID/SECRET` environment variables for Spotify search functionality, which is a standard practice for API integrations and does not indicate any attempt at credential exfiltration or prompt injection against the agent.