Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Readarr
v1.0.0Interact with Readarr (ebook/audiobook manager) via its REST API. Use when searching for books, monitoring authors for new releases, checking what's missing...
⭐ 0· 183·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description match the instructions: SKILL.md contains curl examples against Readarr endpoints, add/monitor/search workflows, and Calibre integration. However, the skill metadata declares no required environment variables or config paths while the instructions rely on READARR_URL and READARR_KEY (and specific file paths). This mismatch is unexpected and should be reconciled.
Instruction Scope
Runtime instructions explicitly tell the agent to read a local credential file (e.g. `READARR_KEY=$(cat ~/clawd/credentials/readarr_api_key)` / `/path/to/readarr_api_key`) and reference local hosts/paths (localhost:8787, 192.168.42.79, /Volumes/Bull, /Applications/Readarr.app). Reading a secret from the user's home directory is within the skill's stated purpose but is sensitive; the instructions also mention passwordless sudo for docker on Synology which indicates environment-specific privileged operations. There are no instructions that exfiltrate data to external hosts, but the skill grants itself discretion to read local files and network services not declared in the metadata.
Install Mechanism
Instruction-only skill with no install spec and no code files. This is lower risk because nothing is automatically downloaded or written by an installer.
Credentials
The skill requires an API key to authenticate to Readarr, and the SKILL.md instructs where to store/load it, but the registry metadata lists no required env vars or config paths and no primary credential. That mismatch is disproportionate: the agent will try to access a local secret file without the skill declaring that it needs such access. The required access is limited to a Readarr API key and local network, but the lack of explicit declaration reduces transparency.
Persistence & Privilege
The skill is not always-enabled, does not request elevated platform-wide persistence, and does not modify other skills' configuration. Autonomous invocation is permitted (platform default) — combine that with the noted credential access if you are concerned.
What to consider before installing
This skill is generally coherent for interacting with a local Readarr instance, but review before installing. Key points: (1) SKILL.md expects the agent to read your Readarr API key from a file in your home (~/clawd/credentials/readarr_api_key or similar) even though the skill metadata doesn't declare required credentials—ensure you understand and approve any file access. (2) Confirm the Readarr URL (localhost vs. 192.168.42.79) and the filesystem paths referenced (Calibre library, Docker volumes) match your environment; the doc has environment-specific assumptions (macOS path, Synology Docker) that may not apply. (3) If you do not want an agent to read local secrets, move the API key to a location only you permit, or update the skill to clearly declare required config path(s) and to accept the key via a safer mechanism. (4) Because this is instruction-only, there is no installer risk, but pay attention to the agent's permission to read files and access your LAN. If unsure, test in a restricted account or VM and prefer creating a dedicated Readarr API key with limited scope before use.Like a lobster shell, security has layers — review code before you run it.
latestvk977sww8svgmyy9rhep68tx82d82qjn7
License
MIT-0
Free to use, modify, and redistribute. No attribution required.