PLEX-CTL

v1.0.0

Command-line tool for searching, playing, and controlling Plex Media Server and clients via the Plex API on your local network.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The code and docs align with the stated purpose: controlling Plex servers and clients via the Plex API. Required dependency (plexapi) is appropriate. No unrelated services, binaries, or credentials are requested that don't match a Plex control tool.
Instruction Scope
SKILL.md and README instruct the user to install plexapi, run an interactive setup that asks for Plex URL/token, and to run normal commands; those instructions are within scope. Two minor notes: (1) the tool uses local GDM discovery first but falls back to Plex cloud (MyPlex) for client discovery — the docs mention this, but it means the code may make outbound calls to Plex cloud only as a fallback; (2) the included verify.sh queries local git metadata and remote URLs (git log, git remote -v) which reads local repo metadata — benign for verification but unnecessary for runtime operation and worth noting before running the script.
Install Mechanism
There is no install spec (instruction-only install); the files included are Python script(s) and a requirements.txt. Installing is limited to pip installing plexapi (expected). No downloads from arbitrary URLs or archive extraction are present.
Credentials
The skill does not request environment variables or external credentials in the registry metadata. It asks the user to provide a Plex token interactively and stores it locally at ~/.plexctl/config.json — this is proportional to its function. There are no demands for unrelated tokens or secrets.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and only writes its own config to ~/.plexctl/config.json. Autonomous invocation (disable-model-invocation: false) is the platform default and not itself a red flag here.
Assessment
This package looks coherent with its stated purpose. Before installing, consider: (1) The tool requires you to supply your Plex token and will store it in ~/.plexctl/config.json — treat that file as sensitive. (2) The code may perform local network calls to your Plex server and (as a fallback) may contact Plex cloud services for MyPlex discovery; if you want strictly local-only operation, disable cloud discovery or avoid using cloud fallback. (3) The included verify.sh runs git commands and prints git remote info — review it before running to avoid revealing repository metadata. (4) Install plexapi in a Python virtual environment (pip install -r requirements.txt) and inspect plexctl.py if you want to be certain of behavior. Overall, there are no disproportionate credential or network requests and no other obvious red flags.

Like a lobster shell, security has layers — review code before you run it.
