Radarr Fixed
ReviewAudited by ClawScan on May 10, 2026.
Overview
The Radarr integration mostly matches its purpose, but its collection command can enable ongoing automatic future movie additions without a clear pre-action opt-out.
Install only if you are comfortable giving the skill access to your Radarr API key. Be especially careful with add-collection, because it can enable ongoing collection monitoring and future automatic additions; confirm file deletion separately before any remove action with --delete-files.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A single collection add could cause Radarr to automatically add/search for future movies without another prompt, potentially consuming storage or changing the library later.
The add-collection flow can persistently enable collection monitoring and future search-on-add behavior, which may trigger later Radarr changes after the original user request.
updatePayload=$(echo "$fullCollection" | jq '. + {monitored: true, searchOnAdd: true}') ... echo "👁️ Collection monitored (new releases auto-added)"Document this behavior prominently and require explicit confirmation or a separate flag before enabling ongoing collection monitoring/searchOnAdd; respect an opt-out such as --no-search for future collection automation.
The skill can make real changes to the Radarr library and, with the delete-files option, remove media files.
The script can add Radarr movies and remove library entries, including deleting underlying files when deleteFiles is true.
result=$(curl -s -X POST ... "$API/movie") ... curl -s -X DELETE -H "$AUTH" "$API/movie/$movieId?deleteFiles=$deleteFiles"
Only approve add/remove actions for the exact movie or collection you intend, and require a clear confirmation before using --delete-files.
Anyone or any agent using this skill with that key can perform the Radarr actions allowed by the configured API key.
The skill reads a local Radarr API key or environment-provided key and uses it to authenticate API requests.
CONFIG_FILE="$HOME/.openclaw/credentials/radarr/config.json" ... AUTH="X-Api-Key: $RADARR_API_KEY"
Store the API key securely, point RADARR_URL only at the intended Radarr instance, and rotate the key if you suspect it was exposed.
You have less external context for verifying authorship, update history, or whether this fork matches its stated origin.
The registry metadata does not provide a source repository or homepage, limiting provenance verification even though the included script is available for review.
Source: unknown Homepage: none
Review the included script before use and prefer skills with clear source repositories or verified provenance for long-term installation.