Readarr
Review
Audited by ClawScan on May 1, 2026.
Overview
This is a coherent Readarr API helper, but it can use a Readarr API key to change the ebook library and trigger downloads, so users should only install it if that control is intended.
Before installing, make sure you want the agent to use your Readarr API key to view and manage your ebook/audiobook library, trigger searches or downloads, and interact with your local Readarr/Prowlarr setup. Keep the API key file private, confirm destructive or bulk changes, and be cautious if following the optional Docker setup because it references a mutable development image and a host with passwordless Docker sudo.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used without care, the agent could change the Readarr library or remove items the user wanted to keep.
The skill documents API endpoints that can add, update, and remove library items. This matches the stated Readarr-management purpose, but these are state-changing operations.
POST | `/book` | Add a book ... PUT | `/book/{id}` | Update book ... DELETE | `/book/{id}` | Remove book
Confirm user intent before add, update, delete, queue-removal, or search-triggering actions.
Anyone or any agent with access to this key may be able to view and manage the Readarr library and trigger downloads.
The skill relies on a local Readarr API key. That is expected for this integration, but the key grants control over Readarr and is not declared in the registry credential metadata.
Store API key at `~/clawd/credentials/readarr_api_key` ... Load with: `READARR_KEY=$(cat ~/clawd/credentials/readarr_api_key)`
Keep the API key file permission-restricted, rotate it if exposed, and use this skill only with agents you trust to manage Readarr.
If an agent is also allowed to run shell commands on that host, Docker access may provide broad system control.
The setup notes describe passwordless Docker sudo. This is not automatic skill behavior, but Docker sudo can be highly privileged on the host.
Passwordless sudo for `/usr/local/bin/docker` is configured.
Limit who can run commands on the host and avoid exposing passwordless Docker sudo beyond trusted administrative workflows.
A future pull of the same tag could run different container code than the user originally reviewed.
The optional Docker setup uses a mutable development image tag rather than a pinned digest or stable version.
image: lscr.io/linuxserver/readarr:develop
Prefer a stable version tag or pinned digest if deploying Readarr from these setup instructions.
On an untrusted or exposed network, the Readarr API key or library-management traffic could be observed or misused.
The setup describes service-to-service integration over HTTP on a private IP and sharing the Readarr API key with Prowlarr. This is common for local *arr deployments but still transmits a sensitive key within the local network.
URL: `http://192.168.42.79:8787` ... API Key: Readarr key ... Sync Level: Full Sync
Keep the service on a trusted local network, restrict access with firewall rules, and use HTTPS or a protected reverse proxy if exposing it beyond localhost/LAN.
