Spotify Player

Name/description (terminal Spotify playback/search) matches the instructions: they require either the spogo or spotify_player CLI and a Spotify Premium account. Nothing requested (no env vars, no unexpected credentials) is outside that purpose.

SKILL.md confines actions to running local CLI commands (search, play, device list/set, status) and referencing a local config folder (~/.config/spotify-player). One instruction (spogo auth import --browser chrome) implies importing browser cookies — this may require the user to grant access to browser cookie storage when running that CLI, but the skill's instructions themselves do not ask the agent to read other arbitrary files or exfiltrate data.

The registry shows no formal install spec, but SKILL.md metadata suggests Homebrew installs: spogo from the third-party tap steipete/tap and spotify_player. Homebrew installs are common and expected for CLIs, but a third-party tap means code comes from a non-core source — users may want to inspect the tap/formula before installing.

No environment variables or credentials are requested. The skill references a local config path and the optional client_id setting for Spotify Connect; this is proportionate and expected for a local CLI-based Spotify client.

Skill is user-invocable, not always-on, and does not request persistent system privileges or modify other skills. It does not ask to store credentials in the agent or change global agent settings.