ClawHub

arr-all

v1.0.0

Unified command-line interface for Radarr, Sonarr, and Lidarr. Search, add, and manage movies (Radarr), TV shows (Sonarr), and music (Lidarr) with calendar view and health monitoring.

3· 1.3k·4 current·4 all-time
by@rappo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included scripts: the code provides unified commands for Radarr/Sonarr/Lidarr and only requires curl/jq. It uses a home-directory JSON config (~/.openclaw/credentials/...) to store service URLs and API keys, which is coherent for this purpose.
Instruction Scope
Runtime instructions and scripts only call configured service endpoints, read/write temporary files in /tmp, and read the user's per-skill config files under $HOME. There are no calls to unrelated system files, hidden endpoints, or external exfiltration in the code; all network calls go to the user-configured URLs (and printed links to TMDB/TVDB/MusicBrainz are only for display).
Install Mechanism
There is no install spec (no remote downloads); the skill is delivered as script files. This is low-risk, but note that the package contains executable shell scripts — review them before running if you don't trust the publisher.
Credentials
The skill requests no environment variables; instead it expects API keys/URLs in JSON configs under ~/.openclaw/credentials/arr-all/config.json or per-service legacy files. This is proportionate, but the SKILL metadata did not enumerate these file-based credentials explicitly — ensure you store API keys only for services you trust.
Persistence & Privilege
The skill does not request always:true and makes no changes to other skills or system-wide configs. It runs on demand and only interacts with configured services and temporary files.
Assessment
This skill appears to be a straightforward local CLI wrapper for Radarr, Sonarr, and Lidarr. Before installing: (1) review the included scripts (they are shell scripts that will run on your machine); (2) ensure you only put API keys for trusted local services into ~/.openclaw/credentials/... (the skill reads those files rather than environment variables); (3) be aware the tool will perform POST/PUT/DELETE operations against the configured apps (adding/removing media), so run it with accounts that have only the permissions you intend; (4) because there is no install step, just placing/executing these scripts runs code from the package — trust the publisher or inspect the files first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c378t50xjnjnpkrdkptygrd80vf7h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binscurl, jq

Comments