Tautullu
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears to do what it says—read Tautulli/Plex status through your API key—but it can show private Plex activity and user history to the agent.
Before installing, verify the skill source if provenance matters to you, configure TAUTULLI_URL only for your own trusted Tautulli instance, keep TAUTULLI_API_KEY secret, and remember that queries may reveal Plex watch history, users, and server details to the agent session.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users have less provenance context for confirming who maintains the skill or whether future updates match the reviewed files.
The registry metadata does not identify an authoritative source or homepage. This is a provenance note only; the provided package contents are small and no automatic remote installer is shown.
Source: unknown; Homepage: none
Install only from a trusted registry entry, and verify the repository or maintainer if cloning or updating manually.
Anyone or any agent run with this configured key can retrieve Tautulli/Plex monitoring data exposed by these commands.
The skill requires a Tautulli API key and sends it to the configured Tautulli URL for API access. This is expected for the integration and the shown commands are monitoring-oriented.
`TAUTULLI_API_KEY` – Settings → Web Interface → API Key; `$TAUTULLI_URL/api/v2?apikey=$TAUTULLI_API_KEY&cmd=<command>`
Store the API key securely, use only your trusted Tautulli URL, prefer HTTPS or a trusted local network, and rotate the key if it is exposed.
Plex usernames, media titles, viewing times, and server details may be displayed in chat or included in the agent's working context.
The skill intentionally retrieves Plex user activity, watch history, and user statistics, which can enter the agent conversation/context.
Shows active streams with user, title, progress, quality, and player... Lists users with total watch time and last seen date.
Use the skill only when you are comfortable sharing Plex activity details with the agent session, and treat returned titles/usernames as untrusted text.