Set Up OpenClaw Spotify Integration & Control Music from Chat

You can tell OpenClaw “queue the latest Boards of Canada” from Slack and watch Spotify obey in under a second. This guide documents exactly how I wired that up, including every OAuth gotcha I tripped over and the YAML I finally committed. No marketing fluff—just the minimal steps to get reliable play / pause / search / playlist control from any messenger OpenClaw supports.

Why bother controlling Spotify from OpenClaw?

The obvious win is convenience: one shortcut triggers focus music, another pauses when someone rings the doorbell (through Home Assistant). Less obvious: once Spotify is a first-class tool inside OpenClaw, you can combine it with any of the 800+ Composio integrations—post what you’re listening to in a Discord channel, auto-save track links to Notion, or schedule a Friday team playlist poll.

Prerequisites

OpenClaw v0.26.4+ (npm install -g openclaw@latest) or a ClawCloud workspace
Node.js 22+
A Spotify Premium account (API restrictions make Free flakey for playback)
Admin rights to create a Spotify Client ID
Five minutes for the OAuth dance and one terminal window

Step 1 – Create a Spotify app & obtain credentials

1.1 Register an app in the Spotify Dashboard

Visit developer.spotify.com/dashboard.
Click Create an App. Name it something like OpenClaw Agent. Description is irrelevant.
Copy the generated Client ID and Client Secret. We’ll paste those into the skill config.

1.2 Add the correct Redirect URI

OpenClaw’s Spotify skill hosts a tiny OAuth callback server at http://localhost:5173/callback/spotify by default. Add this in the dashboard under Edit Settings → Redirect URIs. If you run on ClawCloud you’ll instead use:

https://AGENT_HANDLE.gateway.clawcloud.ai/callback/spotify

Replace AGENT_HANDLE with the subdomain you chose in the signup form.

Step 2 – Install the Spotify skill

In OpenClaw naming, a “skill” is just a Node package exposing tool functions. The Spotify one lives at @openclaw/skill-spotify.


# inside your agent workspace
yarn add @openclaw/skill-spotify   # npm install works too

ClawCloud users can skip the CLI and enable the toggle in Gateway → Skills.

Step 3 – Configure credentials in `openclaw.yaml`

Drop the following snippet under skills. Worth noting: scopes must include user-modify-playback-state or you’ll get 403 on Play.


skills:
  spotify:
    clientId: "SPOTIFY_CLIENT_ID"
    clientSecret: "SPOTIFY_CLIENT_SECRET"
    redirectUri: "http://localhost:5173/callback/spotify" # or your ClawCloud URL
    scopes:
      - user-read-playback-state
      - user-modify-playback-state
      - user-read-currently-playing
      - playlist-modify-public
      - playlist-modify-private

Commit that. Do git-crypt or your secret manager of choice; dumping client secrets in a public repo gets your token nuked in minutes—the Spotify security team runs pretty aggressive scans.

Step 4 – Run the OAuth flow once


openclaw gateway

The terminal prints a local URL like:


🔑  Authorize Spotify: http://localhost:5173/authorize/spotify

Open it, log into Spotify, accept the scopes, and you’ll land on a tiny page that says “Authorization complete, you can close this tab.” Back in the terminal you should see:


✅  Spotify tokens stored in ~/.openclaw/spotify.json (expires in 3600s, auto-refresh enabled)

If you get a INVALID_CLIENT error, double-check that the redirect URI exactly matches—protocol, port, trailing slash.

Step 5 – Test basic commands from your messenger

I’ll use Slack in examples; replace with Telegram/WhatsApp/whatever.


@bot play Pink Floyd – Time

The skill resolves the track via /v1/search, grabs the first item, and calls /v1/me/player/play on your active device. If nothing is playing anywhere, Spotify’s API demands you pass a device_id, so the skill picks your most recently active device. Edge case: if you last listened on your phone and the device has gone offline, playback silently fails. I opened #1842 with a retry-on-desktop patch; until merged just start Spotify on any device once.

@bot pause → pauses current playback
@bot next / previous
@bot volume 30%
@bot queue Aphex Twin – Xtal
@bot create playlist "Friday Jams" public

All these map one-to-one to skill functions, so you can call them from workflows too.

Step 6 – Build an automation: focus music on coding session start

This is the part that actually changes behavior. My rule: whenever I type npm run dev in my monorepo, OpenClaw queues a three-hour “Coding Flow” playlist at 35 % volume. Here’s the recipe.

6.1 Expose a shell event

OpenClaw’s daemon emits a shell.command event every time you run something under claw shell. Add a filter:


workflows:
  focus_music:
    on:
      event: shell.command
      if: "payload.command == 'npm run dev'"
    run:
      - spotify.playlist.start:
          id: "37i9dQZF1DX8Uebhn9wzrS"  # Coding Flow playlist URI
      - spotify.volume.set:
          percent: 35

Save and reload the daemon. Now when you start the dev server, the playlist fades in. Optional: couple this with lights.setScene gray-mode via the Hue skill.

Step 7 – Recommendation tricks the docs don’t mention

Dynamic context. Pass seed_artists, seed_tracks, and min_energy to spotify.recommendations. Then pipe the returned list into spotify.queue. Example:


spotify.recommendations.get:
  seed_artists: ["1dfeR4HaWDbWqFHLkxsg1d"]   # Queen
  min_energy: 0.8
  limit: 5
→ pipe →
spotify.queue.add

“Play something I like.” Because Spotify stopped exposing “taste profile” endpoints, the skill fakes it by pulling your top tracks and feeding them as seeds.
Rate limiting. Spotify allows 100 queue inserts/hr. The skill silently batches beyond that. You can override with batch: false if you prefer hard errors.

Running on ClawCloud instead of local

The hosted gateway already has the Spotify skill pre-installed. You only:

Open Settings → Integrations → Spotify
Paste Client ID / Secret
Click Authorize; the pop-up uses the redirect URI pattern mentioned earlier.

Tokens live in an encrypted Vault secret per workspace. Rotating them later is a single click.

Security & operational caveats

OAuth token scopes. user-library-read sounds harmless but grants reading private playlists—remove if you don’t need it.
Refresh token lifetime. Spotify’s tokens don’t expire, they only revoke on password change. If you share a ClawCloud workspace with others, limit agent role permissions.
Rate limits. 400 requests / 30 seconds for non-commercial apps. The skill has exponential back-off; you can change thresholds in OPENCLAW_SPOTIFY_RATE=250/30.
Logging. By default, track names are logged at debug level. Turn that off if you’re controlling music in a shared workplace.

Troubleshooting cheatsheet

Symptom	Likely cause	Fix
"No active device found"	Spotify app closed	Open any Spotify client once
OAuth 400 redirect_uri_mismatch	URL mismatch	Copy exact URI including port
Skill not recognized	Gateway not restarted	Run `openclaw gateway` again
Queue silently fails after 100 tracks	Rate limit batching	Set `batch:false` or slow down

What to build next

You now have Spotify stitched into OpenClaw’s event mesh. The low-hanging fruit I enjoyed:

Slack slash command /nowplaying that replies with the current track and album art.
GitHub Action commenting the commit author’s “coding song” onto PRs (the team loves/hates this).
Home office “meeting mode” that pauses music when Google Calendar reports event.type == 'conference'.

Got a better automation? Drop it in the GitHub discussion. Happy hacking.