ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Media Cli Local

v1.0.0

Single-file bash CLI for the *arr media stack. Manage Sonarr, Radarr, Prowlarr, qBittorrent, Bazarr, Jellyseerr, and Tdarr from the terminal or via AI agents...

0· 110·0 current·0 all-time
bySolomon Neas@solomonneas

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for solomonneas/media-cli-local.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Media Cli Local" (solomonneas/media-cli-local) from ClawHub.
Skill page: https://clawhub.ai/solomonneas/media-cli-local
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install media-cli-local

ClawHub CLI

Package manager switcher

npx clawhub@latest install media-cli-local
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The SKILL.md describes a local CLI for Sonarr/Radarr/Prowlarr/qBittorrent/Bazarr/Jellyseerr/Tdarr which coherently explains why it needs bash, curl, and python3. However the registry metadata lists no required binaries or credentials, which is inconsistent with the documented requirements and setup behavior.
!
Instruction Scope
Instructions tell the agent/user to git clone an external GitHub repo, run the script, and run an interactive 'media setup' that collects API URLs and keys and writes them to ~/.config/media-cli/config. The SKILL.md claims 'localhost only' and 'no telemetry', but there is no packaged code in this skill for us to verify those assertions. The instructions also direct cloning and execution of external code — the agent could be told to run those commands and would download and execute third-party code.
Install Mechanism
There is no install spec in the registry (instruction-only). The SKILL.md instructs cloning from https://github.com/solomonneas/media-cli and copying a script into PATH. Downloading and executing code from GitHub is common but not vetted by the registry — the install step is external to the skill and should be reviewed/counted as an explicit external download by the user.
!
Credentials
The skill will ask for many local service API URLs and keys (Sonarr/Radarr/Prowlarr/qBittorrent/etc.) and stores them in ~/.config/media-cli/config, but the registry metadata declares no required credentials or primaryEnv. The absence of declared credentials is a mismatch; users should expect to provide and protect multiple service API keys even if they are local-only.
Persistence & Privilege
always is false and the skill does not request permanent platform presence. The only persistent action described is writing a local config file (chmod 600) which is normal for a CLI; there is no evidence it modifies other skills or global agent settings.
Scan Findings in Context
[no_regex_findings] expected: The static regex scanner found no matches — expected because this is an instruction-only skill with no bundled code. This absence does not verify the external repository the instructions ask you to git clone.
What to consider before installing
This skill points you to an external GitHub script and tells you to run it locally and enter API URLs/keys for many local services. Before installing or running anything: 1) Manually inspect the repository and the single bash script (or ask the author for a specific commit/sha) — do not run arbitrary scripts without review. 2) Verify the script's network behavior (ensure calls are truly localhost-only and there's no telemetry/exfiltration). 3) Treat the setup wizard as sensitive: only enter API keys for services you control locally, and verify the config file permissions (chmod 600). 4) If you want the registry metadata to match practice, request the skill author add declared binaries (bash, curl, python3) and list that API keys will be required. 5) If you allow an AI agent to run this skill autonomously, be aware it will execute shell commands that download and run external code — only permit that after code review.

Like a lobster shell, security has layers — review code before you run it.

latestvk972xmd867wbrjgv7n5j4tgrsn83any8
110downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
Solomon Neas@solomonneas
latest
Download

media-cli-local — Terminal Control for Your *arr Media Stack

One bash script to manage your entire media automation stack. Search, add, download, and monitor movies and TV shows without touching a web UI.

Designed for setups where the agent and media services run on the same machine. If your *arr stack runs on a different host, see media-cli which includes SSH remote support.

Source: https://github.com/solomonneas/media-cli

Install: Clone the repo and copy the script to your PATH. Review it first.

git clone https://github.com/solomonneas/media-cli.git
cd media-cli
cp media ~/bin/media && chmod +x ~/bin/media
media setup

Supported Services

ServiceRequiredWhat It Does
SonarrYesTV show management
RadarrYesMovie management
ProwlarrYesIndexer management
qBittorrentYesDownload monitoring
BazarrOptionalSubtitles
JellyseerrOptionalUser requests + trending
TdarrOptionalTranscode monitoring

Setup

The setup wizard asks for API URLs and keys, saves to ~/.config/media-cli/config (chmod 600). All connections are localhost only.

media setup    # Interactive config wizard
media status   # Verify everything connects

Commands

Movies

media movies search "Interstellar"    # Search online
media movies add "Interstellar"       # Add + start downloading
media movies list                     # Library with download status
media movies missing                  # Monitored without files
media movies remove "title"           # Remove (keeps files)

TV Shows

media shows search "Breaking Bad"     # Search online
media shows add "Breaking Bad"        # Add + search episodes
media shows list                      # Library with episode counts

Downloads

media downloads                       # All torrents by state
media downloads active                # Active with speed + ETA
media downloads pause <hash|all>
media downloads resume <hash|all>
media downloads remove <hash> [true]  # true = delete files too

Status & Monitoring

media status                          # Health + library counts + active downloads
media queue                           # Sonarr/Radarr download queues
media wanted                          # Missing episodes + movies
media calendar 14                     # Upcoming releases (next N days)
media history                         # Recent activity
media refresh                         # Trigger library rescan
media indexers                        # Prowlarr indexer status

Subtitles (Bazarr)

media subs                            # Wanted subtitles
media subs history                    # Recent subtitle downloads

Requests (Jellyseerr)

media requests                        # Pending user requests
media requests trending               # What's trending
media requests users                  # User list with request counts

Transcoding (Tdarr)

media tdarr                           # Status + active workers
media tdarr workers                   # Per-file progress: %, fps, ETA
media tdarr queue                     # Items queued for processing

AI Agent Integration

Commands output clean, parseable text designed for AI agents:

"What shows am I missing episodes for?"  →  media wanted
"Add Succession"                         →  media shows add "Succession"
"What's downloading right now?"          →  media downloads active
"Pause all downloads"                    →  media downloads pause all

Works with OpenClaw, LangChain, Claude computer use, or any agent framework with shell execution.

Requirements

  • bash 4.0+
  • curl
  • python3 (standard library only, no pip)

Technical Details

  • Single bash script (~900 lines)
  • All API calls go to localhost (no remote connections)
  • Talks to *arr v3 APIs (Sonarr/Radarr), v1 (Prowlarr), v2 (qBittorrent WebUI)
  • Python3 used strictly for JSON parsing (standard library)
  • No telemetry, no analytics, no network calls except to your own services
  • Config stored at ~/.config/media-cli/config with chmod 600

Comments

Loading comments...