Skill v1.0.0

ClawScan security

Admirarr · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 13, 2026, 8:51 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's declared purpose (controlling an *Arr + media server stack) matches the instructions, but the README-style install line uses a curl | sh installer and the 'doctor --fix' wording hands off to the agent for further fixes — both raise proportionality/installation concerns you should review before installing or running the binary.
Guidance
This skill appears to be an instruction wrapper around an external CLI (admirarr), which is reasonable for managing media stacks — but take these precautions before installing or running it:

1) Do not run the curl | sh installer blindly; inspect the script at https://get.admirarr.dev and prefer a package from a reputable release (GitHub release, distro package, or homebrew) or verify a checksum/signature.
2) Verify the source code or repository for the admirarr binary and confirm the domain is legitimate.
3) Run the binary in a sandbox or non-privileged environment first; avoid running it as root.
4) Confirm how the agent enforces user confirmations for 'restart' or 'doctor --fix' actions — require interactive approval for changes.
5) If you need to allow autonomous runs, restrict the agent's environment (no sensitive AWS/GitHub tokens in the same environment) in case the binary or agent issues network calls.

If you can, ask the publisher for a canonical install method and reproducible release artifacts; lack of those increases risk.

Review Dimensions

Purpose & Capability
ok: Name/description map directly to a CLI tool called 'admirarr' and the SKILL.md lists commands the binary implements. Requiring the 'admirarr' binary on PATH is coherent for a CLI-driven skill that manages Jellyfin/Plex and *Arr services.
Instruction Scope
note: The instructions tell the agent to run admirarr commands (status, health, search, restart, etc.) and do not instruct reading unrelated system files or external credentials. However, 'admirarr doctor --fix → Built-in fixes → AI agent for the rest' is vague and could permit the agent to take broader corrective actions beyond mere read-only queries; the SKILL.md does say to confirm destructive actions, but the ambiguity is worth noting.
Install Mechanism
concern: The skill has no formal install spec but the SKILL.md includes a 'curl -fsSL https://get.admirarr.dev | sh' installer suggestion. Piping remote scripts to sh is a high-risk pattern because it executes code from an external host; the domain is not an obviously well-known package host. The skill itself does not install files, but the presence of that installer in docs increases risk if a user follows it without verification.
Credentials
ok: The skill declares no required environment variables, no credentials, and no config paths. That is proportionate to a CLI wrapper which relies on local service endpoints and the admirarr binary.
Persistence & Privilege
note: always:false (normal). The skill can be invoked autonomously (platform default). Combined with the ambiguous 'doctor --fix' behavior, autonomous invocation could allow the agent to run corrective commands if not constrained by prompts/confirmation; SKILL.md instructs to confirm with user before destructive actions, so verify that runtime enforcement of confirmations exists.