prowlarr-search
PassAudited by ClawScan on May 1, 2026.
Overview
This skill does what it says—queries a configured Prowlarr server for search results—but it needs your Prowlarr API key, so configure it only for a trusted server.
This appears safe for its stated purpose if you already intend to let an agent search your Prowlarr instance. Before installing, confirm that PROWLARR_BASE_URL points to your own trusted Prowlarr server and that you are comfortable providing the PROWLARR_API_KEY.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using this skill must provide a Prowlarr API key; if the base URL is misconfigured to an untrusted server, that key could be sent there.
The script uses the Prowlarr API key to authenticate search requests to the configured base URL. This is purpose-aligned, but it means the skill has delegated access to the user's Prowlarr service.
api_url = f"{base_url}/api/v1/search?query={encoded_query}&type={search_type_param}&limit=100&apiKey={api_key}"Use only a trusted Prowlarr base URL, keep the API key secret, and rotate the key if you suspect it was exposed.