Trakt.tv Integration

Pass. Audited by ClawScan on May 10, 2026.

Overview

This appears to be a legitimate Trakt.tv integration, but it uses Trakt OAuth credentials/tokens and can modify watch-history data, so grant only the permissions you need.

Before installing, create a dedicated Trakt application, grant only needed permissions, store the config file securely, and consider using a Python virtual environment for setup. The provided trakt_client.py content was truncated in the review artifact, so review the full file before running if you want maximum assurance.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The assistant setup can gain ongoing access to your Trakt account data using the permissions you grant.

Why it was flagged

The setup flow asks for a Trakt client secret, recommends broad app permissions, and stores credentials locally; this is expected for Trakt integration but expands account authority.

Skill content

3. Check the permissions you want (recommend all) ... What is your Client Secret? ... Create `~/.openclaw/trakt_config.json`

Recommendation

Grant the minimum Trakt permissions needed, protect ~/.openclaw/trakt_config.json, and revoke the Trakt application if you stop using the skill.

What this means

If invoked, the skill can change your Trakt watch history, which may affect your profile and recommendations.

Why it was flagged

The client includes functions that can write to Trakt watch history. This fits a tracking integration, but it is account-mutating behavior.

Skill content

def mark_show_watched(self, trakt_id: int) -> bool: ... return self.add_to_history(payload)

Recommendation

Only allow watch-history changes after an explicit user request or confirmation, and document how to undo mistaken changes.

What this means

Running setup can modify your Python environment, which may affect other Python software on the machine.

Why it was flagged

The setup wizard may install a dependency from PyPI into the local Python environment, including with --break-system-packages.

Skill content

subprocess.run([sys.executable, "-m", "pip", "install", "requests", "--break-system-packages"], check=True, capture_output=True)

Recommendation

Prefer installing dependencies in a virtual environment and pin reviewed dependency versions where possible.