Control Sonos speakers (discover/status/play/volume/group). The skill's instructions match a Sonos CLI tool, but registry metadata omits the declared binary/install steps present in SKILL.md—this mismatch and the remote
Security
Critical
Quality
Good · 70
Install
ready
Audit version
audit-standard-v2
Source metrics come from upstream registries/repositories. Platform metrics come from user actions on SkillTrust and are protected by dedupe/rate-limit anti-abuse rules.
Control Sonos speakers (discover/status/play/volume/group). The skill's instructions match a Sonos CLI tool, but registry metadata omits the declared binary/install steps present in SKILL.md—this mismatch and the remote Go install warrant caution before installing or granting credentials. This SKILL.md appears to wrap an existing Sonos CLI tool, which is reasonable for the stated purpose. However, the registry metadata omitted the 'sonos' binary requirement and the Go-based install that are present in SKILL.md—this mismatch could be a benign metadata oversight or a sign the package was packaged incorrectly. Before installing: (1) verify the upstream GitHub project (github.com/steipete/sonoscli) and inspect its source and recent releases, (2) confirm you are comfortable running `go install` from that module (it will compile and install remote code), (3) do not provide SPOTIFY_CLIENT_SECRET/ID unless you trust the code, and (4) consider running the install in a restricted environment (container or VM) if you want to limit risk. If the publisher cannot explain the metadata discrepancy, treat the skill cautiously or prefer an alternative with consistent metadata and a published release tarball or package.
• Add explicit When to Use / Guidelines sections.
• Provide at least one concrete input-output example.
• Publish versioned changelog and update cadence.
• Document compatibility and breaking-change policy.
• Expand capability limits and boundary conditions.
Is this a security certification?
No. SkillTrust audit is advisory and should be combined with your own review controls.
Can I install directly from this page?
No one-click install is provided. Use command guidance and run in your controlled environment.
Imported from ClawHub public listing.
go install sonos@latestInstall method: script-backed (go)
Quick install
Quick preflight
go versionInstall paths
review skill metadata before installcheck required credentials in skill docsrequires local binaries: sonosshell accessPreflight checks
Post-install signal
Installed successfully? Send an activation signal to improve ranking quality over time.
Audit score 80 / 100. Risk guidance is advisory only; review evidence before install.
• Add troubleshooting and FAQ for common failures.
• Improve discoverability through verified source channels.
• Publish usage examples to increase activation quality.
• Reduce shell/file/network scope and document least privilege.
• Expose explicit provenance, dependency pinning, and security notes.
• Provide structured install + rollback steps for each supported agent.
• Mark official/verified status and keep metadata timestamps fresh.
Moderately fresh; review release notes before install.
Audit guidance: 80 / 100 · critical
Scores with similar values can still differ in confidence; use evidence and risk lines below for final install judgment.
Risk 80 · Δ +0 · Findings 5
Apr 3, 2026 · auto
Latest critical risk result from audit-standard-v2.