Lidarr

The OpenClaw Lidarr skill is benign. It correctly uses `curl` and `jq` to interact with a user-configured Lidarr API, reading credentials from the designated `~/.clawdbot/credentials/lidarr/config.json` file. User input is properly URL-encoded using `jq -sRr @uri` before being passed to `curl`, mitigating command injection risks. The `SKILL.md` provides clear instructions without any prompt injection attempts against the agent. All network activity is confined to the specified Lidarr instance, and there is no evidence of data exfiltration, malicious execution, persistence, or obfuscation.