Tautullu

The OpenClaw skill bundle for Tautulli is benign. All scripts (`activity.sh`, `history.sh`, `libraries.sh`, `recent.sh`, `server.sh`, `users.sh`) use `curl` to interact with a user-configured Tautulli API endpoint, fetching and displaying data using `jq`. The `TAUTULLI_URL` and `TAUTULLI_API_KEY` are explicitly required environment variables. There is no evidence of data exfiltration beyond the intended Tautulli API calls, malicious execution, persistence mechanisms, obfuscation, or prompt injection attempts in `SKILL.md` or `README.md` that would lead to unauthorized actions.