Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Jellyseerr
v1.0.0
Request movies and TV shows through Jellyseerr. Use when the user wants to add media to their Plex/Jellyfin server, search for content availability, or manage media requests.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code and instructions consistently implement Jellyseerr operations (search, request, poll, webhook receiver, notification queue) and require a Jellyseerr server URL + API key stored in ~/.config/jellyseerr/config.json. That aligns with the description. Note: install_service.sh hardcodes SCRIPT_DIR (/home/clawd/...) and User=clawd, which is inconsistent with a generic skill install and is unexpected for the described purpose.
Instruction Scope
SKILL.md and reference docs instruct the agent / operator to run setup scripts, install a systemd service, and add cron entries. The scripts write config files to ~/.config and cache files to ~/.cache (expected), but they also create a systemd service and start a network-listening webhook server on port 8384 (expected for webhook behavior) and require sudo for service install. The hardcoded paths and user in install_service.sh and slightly different behavior in setup_webhook.sh (uses $USER) are inconsistent and could cause the service to run as an unexpected user or point to the wrong script location. SKILL.md's crontab example injects a path using $(pwd) — that will depend on where the skill is located and could be brittle.
Install Mechanism
There is no separate package install spec (instruction-only), which minimizes external download risk. However, the bundled scripts perform system modifications (create /etc/systemd/system/*.service, enable/start the service) and require sudo for that. There is no network download of arbitrary archives or third-party install endpoints.
Credentials
The skill does not declare required environment variables but the code optionally reads TELEGRAM_CHAT_ID and CLAWDBOT_* env vars to populate chat IDs and channels. The primary secret (Jellyseerr API key) is stored in ~/.config/jellyseerr/config.json (entered interactively by setup.sh). The use of environment variables is reasonable for optional notification routing, but the lack of declared env requirements in metadata is a mismatch and worth noting.
Persistence & Privilege
The skill offers to install a persistent systemd service that opens a network port and runs continuously (webhook_server.py). Persistent network services are expected for webhooks, but they do raise the stakes: the service is installed system-wide and started with sudo. The hardcoded User and SCRIPT_DIR in install_service.sh increase risk of misconfiguration; depending on how scripts are run, the service could be created to run as root or reference non-existent paths. The skill does not modify other skills' configs, and always:false is set, but the systemd installation still grants significant persistence and network exposure.
Scan Findings in Context
[base64-block] expected: A base64 block was flagged in the SKILL.md / WEBHOOK_SETUP.md; this is the JSON payload template for Jellyseerr webhooks (the file also decodes to a harmless JSON template). The flagged pattern appears to be legitimate usage for webhook payload configuration.
What to consider before installing
- Functionality: The skill's code matches its description: it talks to a Jellyseerr server using a server URL + API key (stored at ~/.config/jellyseerr/config.json), can poll or receive webhooks, and queues notifications for a bot/Telegram. If that is what you want, the capability is coherent.
- Review install scripts before running with sudo: install_service.sh writes a systemd unit and hardcodes SCRIPT_DIR (/home/clawd/...) and User=clawd. If you run it as-is on your machine it will likely point to the wrong path or create a service running under an unexpected user. Edit the service file (or install script) to set the correct WorkingDirectory and User for your environment, and inspect the unit before enabling it.
- Network exposure: The webhook server binds 0.0.0.0:8384 by default. If you expose that port to the network, ensure firewall rules or a reverse proxy with TLS/auth are used. Prefer binding to localhost and using a reverse proxy if remote access is required.
- Secrets: The Jellyseerr API key is stored locally in ~/.config/jellyseerr/config.json (the setup script sets 600 permissions). Ensure you trust the host and review scripts if you are concerned about accidental exfiltration. The code does not appear to transmit secrets elsewhere, but optional TELEGRAM_CHAT_ID or CLAWDBOT env vars may be used to route notifications.
- Notifications integration: The scripts queue notifications in ~/.cache/jellyseerr/pending_notifications.json and expect an external actor (Clawdbot or send_notifications.py run in an appropriate context) to actually deliver messages. If you don't use Telegram/Clawdbot, either adjust the scripts or disable notification automation.
- Minor hygiene: The crontab example uses $(pwd) which is fragile; prefer absolute paths. Also verify which user will own the service and files after installation and correct permissions as needed.
If you are not comfortable editing the scripts or running systemd units created by this package, do not run the install_service/setup_webhook scripts with sudo; instead run scripts locally, inspect files, and adapt service/unit definitions to your environment.
