Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

BYR CLI Skill

v0.1.2

Use BYR CLI for auth, search, detail inspection, and safe torrent download planning with JSON envelopes.

by Haitian @1morebuild

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
Name/description match the behavior: the skill delegates all work to a 'byr' CLI and declares Homebrew/npm install options that create the 'byr' binary. Requiring a local 'byr' binary is coherent for a CLI wrapper.
Instruction Scope
SKILL.md explicitly documents browser cookie import flows (chrome macOS path/decrypt flow, safari best-effort) which implies reading/decrypting local browser profiles or cookies. The skill text does not declare or constrain access to those local files; because this is instruction-only, the actual access would be performed by the installed 'byr' binary but the instructions encourage actions that touch sensitive local secrets (browser session tokens).
Install Mechanism
Installers are a Homebrew formula from a third-party tap (1MoreBuild/tap) and an npm package (byr-pt-cli). These are reasonable fallback mechanisms but both are third‑party sources (not a widely-recognized official repo linked in the skill). This raises moderate supply-chain risk — verify the tap/package source before installing.
Credentials
The skill requests no environment variables or credentials, which is proportionate. However, the documented browser cookie import is effectively a request to access local sensitive secrets (cookies/session tokens) that is not represented in 'requires' or config path metadata.
Persistence & Privilege
always is false and the skill is instruction-only; it does not request permanent agent presence or modifications to other skills or system-wide settings.
What to consider before installing
This skill appears to be a thin wrapper around a third-party 'byr' CLI. Before installing or using it:

  1. verify the Homebrew tap and npm package authors and inspect their source repository if possible
  2. prefer the dry-run download flow and require explicit output paths before writing files
  3. be cautious with the 'auth import-cookie --from-browser' flow: importing browser cookies grants access to session tokens and should only be done if you trust the CLI source; consider using a manual cookie string instead or re-authenticating through safer means
  4. run 'byr doctor' and inspect output locally before allowing any write/download actions
  5. consider the legal/organizational policy implications of torrent usage

If you need higher assurance, request the upstream source code or a reproducible build of the 'byr' binary before installing.


Runtime requirements

Bins: byr

Install

Install byr CLI (Homebrew)
Bins: byr
brew install 1MoreBuild/tap/byr-pt-cli
Install byr CLI (npm fallback)
Bins: byr
npm i -g byr-pt-cli
License: MIT-0

BYR CLI Skill

When To Use

Use this skill when a task needs any BYR operation via CLI:

  • authenticate/check auth state
  • search torrents with filters
  • browse latest torrents with filters
  • inspect torrent details
  • plan or execute torrent downloads
  • fetch BYR metadata and user info
  • run local diagnostics before live calls

Boundaries

  • Work only through the byr binary.
  • Prefer --json for machine-readable output.
  • Do not infer missing IDs/paths or silently mutate files.
  • Keep read-only commands non-destructive.

Auth Notes

  • Support both cookie formats in auth import-cookie:
    • uid=...; pass=...
    • session_id=...; auth_token=... (optional refresh_token=...)
  • Browser import:
    • chrome (macOS path/decrypt flow)
    • safari best effort with manual fallback
  • Always check status before live operations:
    • byr auth status --verify --json

Commands (JSON First)

Read-only:

  • byr check --json
  • byr whoami --json
  • byr doctor [--verify] --json
  • byr browse [--limit <n>] [--category <alias|id>] [--incldead <alias|id>] [--spstate <alias|id>] [--bookmarked <alias|id>] [--page <n>] --json
  • byr search --query "<text>" --limit <n> --json
  • byr search --imdb <tt-id> [--category <alias|id>] [--spstate <alias|id>] --json
  • byr get --id <torrent-id> --json
  • byr user info --json
  • byr meta categories --json
  • byr meta levels --json
  • byr auth status [--verify] --json
  • byr auth import-cookie --cookie "<cookie-header>" --json
  • byr auth import-cookie --from-browser <chrome|safari> [--profile <name>] --json
  • byr auth logout --json

Write side effect:

  • Dry run first: byr download --id <torrent-id> --output <path> --dry-run --json
  • Actual write: byr download --id <torrent-id> --output <path> --json

Search/Browse Semantics

  • search and browse return paged list data.
  • JSON fields:
    • matchedTotal: estimated total hits inferred from BYR pagination range blocks.
    • returned: number of items returned in current payload.
    • total: backward-compatible alias of returned.
  • If --page is omitted, list commands auto-fetch subsequent pages until --limit is reached.
  • If --page is provided, only that page is fetched.

Side-Effect Policy

Before non-dry-run download:

  1. verify --id and --output are explicit
  2. run dry-run and inspect sourceUrl/fileName
  3. confirm intent for the output path

If parameters are missing, ask for explicit values.
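
The three steps above can be enforced mechanically by whatever drives the CLI. The following is an added example, not code from the skill or the byr project: the function names, the flat JSON layout, the https/host allow-list and the sample values are assumptions; only the flags and the field names (sourceUrl, fileName, outputPath, dryRun, bytesWritten) come from this page.

```python
import json
import os
from urllib.parse import urlparse

# Constructed dry-run result. The flat layout and all values are assumptions;
# only the field names come from the skill text.
SAMPLE = json.dumps({
    "dryRun": True, "bytesWritten": 0,
    "sourceUrl": "https://tracker.example/download.php?id=12345",
    "fileName": "example.torrent",
    "outputPath": "/tmp/byr/example.torrent",
})

def dry_run_command(torrent_id, output):
    """Step 1: build the dry-run command only from explicit --id and --output."""
    if not torrent_id or not output:
        raise ValueError("--id and --output must be given explicitly")
    return ["byr", "download", "--id", str(torrent_id),
            "--output", output, "--dry-run", "--json"]

def review_dry_run(raw, output, allowed_hosts):
    """Step 2: list the problems in a dry-run result (empty list means clean)."""
    data, problems = json.loads(raw), []
    if data.get("dryRun") is not True or data.get("bytesWritten", 0) != 0:
        problems.append("not a side-effect-free dry run")
    url = urlparse(data.get("sourceUrl") or "")
    if url.scheme != "https" or url.hostname not in allowed_hosts:
        problems.append("sourceUrl is not https on an expected host")
    name = data.get("fileName") or ""
    if not name or name in (".", "..") or "/" in name or "\\" in name:
        problems.append("fileName is empty or carries a path component")
    planned = data.get("outputPath") or ""
    want = os.path.realpath(output)
    if not planned or os.path.commonpath([want, os.path.realpath(planned)]) != want:
        problems.append("outputPath escapes the requested --output")
    return problems

def write_command(torrent_id, output, problems, confirmed):
    """Step 3: release the real command only after a clean review and consent."""
    if problems or not confirmed:
        return None
    # Same command as the dry run, minus the trailing --dry-run flag.
    return dry_run_command(torrent_id, output)[:-2] + ["--json"]
```

The caller runs the command from dry_run_command, passes its stdout to review_dry_run, and executes the result of write_command only when it is not None.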

Error handling

  • Surface error.code and error.message.
  • For E_ARG_*: request corrected flags/arguments.
  • For E_AUTH_*: re-auth guidance (auth import-cookie or credential refresh).
  • For E_NOT_FOUND_*: request different query/torrent ID.
  • For E_UPSTREAM_*: suggest retry and capture command/context.

Response Style

  • Keep result summaries short.
  • Include key fields for search/get: id, title, size, seeders, leechers.
  • For list commands include both matchedTotal and returned when present.
  • Include key fields for download: outputPath, sourceUrl, dryRun, bytesWritten.
