arr-all

Review

Audited by ClawScan on May 1, 2026.

Overview

Arr-All is a coherent media-server control skill; it uses your Radarr/Sonarr/Lidarr API keys and can change or remove media entries, but those abilities are disclosed and match its purpose.

Before installing, make sure you are comfortable giving the skill API access to your Radarr, Sonarr, and Lidarr instances. Keep the config file private, verify the service URLs, and ask the agent to confirm before adding collections, changing monitoring, removing entries, or deleting files.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If configured, the agent can use these API keys to act on your media services, including reading status and making library changes.

Why it was flagged

The skill loads local API keys for the configured Radarr, Sonarr, and Lidarr services and uses them to authenticate API requests. This is expected for the integration, but it gives the skill service-control authority.

Skill content

local unified_config="$HOME/.openclaw/credentials/arr-all/config.json" ... API_KEY=$(jq -r ".$service.apiKey" "$unified_config") ... -H "X-Api-Key: $API_KEY"

Recommendation

Use API keys only for the services you intend to control, keep the credential file private, and verify that the configured URLs point to your trusted local Arr instances.

What this means

A mistaken or overly broad agent instruction could remove media entries or, when deletion is enabled, cause the media service to delete files.

Why it was flagged

The skill can issue mutating and destructive API calls to a configured media service. Similar add/remove/update patterns are present for Sonarr and Lidarr, matching the documented management purpose.

Skill content

api_request "radarr" "DELETE" "/api/v3/movie/$movieId?deleteFiles=$delete_files"

Recommendation

Require explicit confirmation before remove, delete-files, bulk collection add, or monitor-changing commands, especially when the agent proposes the action autonomously.

What this means

It may be harder to verify the publisher, maintenance history, or upstream changes for this skill.

Why it was flagged

The registry metadata does not provide an upstream source or homepage. This is a provenance limitation, although the submitted scripts are present and no remote installer is declared.

Skill content

Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.

Recommendation

Review the included scripts before installation and prefer installing from trusted publishers or sources when possible.