Sonarr
Review
Audited by ClawScan on May 1, 2026.
Overview
This skill is a straightforward Sonarr API wrapper, but users should notice that it can change the Sonarr library and optionally delete media files.
Install only if you want this skill to manage your Sonarr library. Before using it, create the Sonarr config intentionally, verify the URL and API key, and carefully approve any remove or --delete-files action.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked incorrectly, the skill could change the Sonarr library or delete media files.
The skill discloses commands that can add shows, start searches, remove shows, and optionally delete files through Sonarr. This is purpose-related but high-impact enough that users should confirm actions carefully.
bash scripts/sonarr.sh add <tvdbId> # searches right away
bash scripts/sonarr.sh remove <tvdbId> --delete-files # delete files too
**Always ask user if they want to delete files when removing!**
Only approve add/remove actions after checking the TVDB ID and deletion option; avoid using --delete-files unless you intentionally want Sonarr to remove media files.
Anyone, or any agent, running this skill with this config can act on the configured Sonarr server using the stored API key.
The script reads a local Sonarr API key and uses it for Sonarr API calls. This is expected for a Sonarr integration, but it grants the skill whatever authority that API key has.
CONFIG_FILE="$HOME/.clawdbot/credentials/sonarr/config.json"
SONARR_API_KEY=$(jq -r '.apiKey' "$CONFIG_FILE")
AUTH="X-Api-Key: $SONARR_API_KEY"
Store the config file carefully, use the least-privileged Sonarr setup available, and verify that the configured URL points only to the intended Sonarr instance.
