ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ryot

v1.2.0

Complete Ryot media tracker with progress tracking, reviews, collections, analytics, calendar, and automated daily/weekly reports. Track TV shows, movies, bo...

0· 454·2 current·2 all-time
byFederico Liva@f-liva

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for f-liva/ryot.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Ryot" (f-liva/ryot) from ClawHub.
Skill page: https://clawhub.ai/f-liva/ryot
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install f-liva/ryot

ClawHub CLI

Package manager switcher

npx clawhub@latest install ryot
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md and scripts clearly implement a Ryot GraphQL client and automation (search, mark progress, calendar, reports) which aligns with the name/description. However, the skill's runtime docs declare a required config file (/home/node/clawd/config/ryot.json) and use the openclaw CLI in setup-automation.sh, yet the package/registry metadata lists no required config paths, env vars, or required binaries — a mismatch that can hide required privileges or preconditions.
!
Instruction Scope
Runtime instructions and scripts read a local config containing an API token and perform GraphQL calls to the user-provided Ryot instance — expected for this functionality. The setup script, however, prompts for a WhatsApp number and uses openclaw cron add to create recurring jobs that run scripts and deliver their output to WhatsApp via an OpenClaw channel and a specified model. That establishes an external data delivery pathway (user activity, recent media, analytics) that will run autonomously once scheduled. The SKILL.md does describe the automation, but the creation of persistent jobs and external delivery is a material behavior users must explicitly understand.
Install Mechanism
There is no install spec (instruction-only install), and all code is included in the skill bundle (Python scripts + a shell setup script). No third-party downloads occur. This is lower risk than fetching arbitrary code, but the setup script depends on the openclaw CLI being present and usable — which is not declared in the registry metadata.
Credentials
The scripts require a single local config file with 'url' and 'api_token' for the user's Ryot instance — this is proportionate to the stated purpose. Concerns: (1) the registry metadata did not advertise this required credential/config path (inconsistency), and (2) the automation will forward user data (recent activity, analytics) to an external channel (WhatsApp) if configured, which elevates the sensitivity of the API token and the data being collected.
!
Persistence & Privilege
The skill itself is not 'always:true', but the provided setup-automation.sh creates cron jobs via openclaw cron add that persist and run autonomously on a schedule, sending output off-agent. That creates persistent, autonomous behavior (scheduled data export) that goes beyond one-off command execution and increases the blast radius if misconfigured or abused.
What to consider before installing
This skill appears to do what it claims (talk to a self-hosted Ryot instance and manage media/tracking), but there are a few issues you should address before installing: 1) Metadata mismatch: The registry/package metadata does not declare the required config file or the dependency on the openclaw CLI, but SKILL.md and the scripts expect /home/node/clawd/config/ryot.json and use the openclaw command. Confirm the skill author corrects the manifest or document these requirements. 2) Sensitive config: The skill reads an API token from /home/node/clawd/config/ryot.json. Only create that config with a token you trust to be used for the stated Ryot operations. Restrict file permissions (e.g., 600) so only the intended user can read it. 3) Automation & external delivery: setup-automation.sh will create cron jobs that run periodically and (if you provide a WhatsApp number) send outputs to a WhatsApp channel via OpenClaw. If you do not want scheduled or external delivery of your viewing/activity data, do not run the setup script or skip entering a WhatsApp number. Review the cron job contents produced by openclaw cron list before confirming. 4) openclaw CLI dependency: The setup script invokes openclaw cron add. Ensure the openclaw binary on your system is the official, trusted CLI and that the account used to register cron jobs is the correct one. 5) Recommended checks: inspect the included Python scripts yourself (they are bundled and readable), run the scripts in dry-run/test mode against a non-production Ryot instance first, and run setup-automation.sh with --dry-run to verify what would be created. Ask the author to update the registry metadata to list the config path and required binaries so the requirements are explicit. If you want, I can enumerate the exact lines where the setup script calls openclaw and where scripts read the config file so you can review them quickly.

Like a lobster shell, security has layers — review code before you run it.

latestvk973t9qsk5hbgf5h8r103crka581qbsx
454downloads
0stars
7versions
Updated 31m ago
v1.2.0
MIT-0
Federico Liva@f-liva
latest
Download

Ryot Media Tracker - Complete Suite

Full-featured Ryot integration with progress tracking, reviews, collections, analytics, calendar, and automated reports.

Setup (Required)

Before using this skill, you must configure your Ryot instance:

  1. Create config file at /home/node/clawd/config/ryot.json:
{
  "url": "https://your-ryot-instance.com",
  "api_token": "your_api_token_here"
}
  1. Set your Ryot instance URL - Replace https://your-ryot-instance.com with your actual Ryot server address
  2. Get your API token from your Ryot instance settings
  3. Save the config - The skill will read this file automatically

Usage

Use scripts/ryot_api.py for all Ryot operations.

🚀 Quick Start - Automated Setup

cd /home/node/clawd/skills/ryot/scripts
./setup-automation.sh

This will:

  • ✅ Set up daily upcoming episodes notification (07:30)
  • ✅ Set up weekly stats report (Monday 08:00)
  • ✅ Set up daily recent activity (20:00)
  • ✅ Configure WhatsApp delivery

Common Tasks

1. Progress Tracking 📊

# Check your progress on a TV show
python3 scripts/ryot_api.py progress met_XXXXX

# Example output:
# Galaxy Express 999
# Season 1, Episode 35/113 (30%)

2. Reviews & Ratings ⭐

# Add review with rating (0-100)
python3 scripts/ryot_reviews.py add met_XXXXX 85 "Amazing show!"

# Rating only
python3 scripts/ryot_reviews.py add met_XXXXX 90

3. Collections 📚

# List your collections
python3 scripts/ryot_collections.py list

# Create new collection
python3 scripts/ryot_collections.py create "Top Anime 2026" "My favorite anime of the year"

# Add media to collection
python3 scripts/ryot_collections.py add <collection_id> met_XXXXX

4. Analytics & Stats 📈

# View your statistics
python3 scripts/ryot_stats.py analytics
# Output: Total media, shows, movies, watch time

# Recently consumed
python3 scripts/ryot_stats.py recent
# Output: Last 10 media you watched/read

5. Calendar & Upcoming 📅

# Upcoming episodes this week
python3 scripts/ryot_calendar.py upcoming

# Calendar for next 30 days
python3 scripts/ryot_calendar.py calendar 30

6. Search & Details 🔍

# Search for TV shows
python3 scripts/ryot_api.py search "The Wire" --type SHOW

# Search for movies
python3 scripts/ryot_api.py search "Inception" --type MOVIE

# Get details
python3 scripts/ryot_api.py details met_XXXXX

7. Mark as Completed ✅

# Mark media as completed
python3 scripts/ryot_api.py complete met_XXXXX

8. Bulk Episode Marking 🎬

# Search for a show to get metadata_id
python3 scripts/ryot-mark-episodes.py search "Galaxy Express 999"
# Output: Found: met_huCCEo1Pu0xM (source: TMDB, type: SHOW)

# Mark range of episodes as watched (e.g., episodes 1-46 of season 1)
python3 scripts/ryot-mark-episodes.py met_huCCEo1Pu0xM 1 1 46
# Marks all episodes from 1 to 46 in season 1

# Mark single season episodes
python3 scripts/ryot-mark-episodes.py met_XXXXX 2 1 24
# Marks season 2, episodes 1-24

Use cases:

  • Catching up on a series you've already watched elsewhere
  • Bulk importing viewing history
  • Marking entire seasons at once

Note: Each episode is marked individually with createNewInProgress + showSeasonNumber/showEpisodeNumber.

Workflow

  1. User request → "How many episodes of Galaxy Express 999 have I watched?"
  2. Search → Find the correct metadata ID
  3. Check progresspython3 scripts/ryot_api.py progress met_XXX
  4. Mark complete → When finished, deploy bulk progress update

Media Types

Supported lot values:

  • SHOW - TV series
  • MOVIE - Films
  • BOOK - Books
  • ANIME - Anime series
  • GAME - Video games

Important Notes

  • Before first use: Check if /home/node/clawd/config/ryot.json exists. If not, ask the user for their Ryot instance URL and API token, then create the config file.
  • Always search first to get the correct metadata ID
  • Verify the year if multiple results match the title
  • The API uses GraphQL at /backend/graphql
  • Metadata IDs start with met_

Resources

scripts/ryot_api.py

Python script for Ryot GraphQL operations. Supports:

  • search - Find media by title
  • details - Get metadata details
  • complete - Mark as completed

Comments

Loading comments...