ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Lidarr

v1.0.0

Interact with Lidarr (music/album manager) via its REST API. Use when searching for artists or albums, checking missing/wanted releases, triggering downloads...

0· 86·0 current·0 all-time
by@minerva-care

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for minerva-care/minerva-lidarr.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Lidarr" (minerva-care/minerva-lidarr) from ClawHub.
Skill page: https://clawhub.ai/minerva-care/minerva-lidarr
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install minerva-lidarr

ClawHub CLI

Package manager switcher

npx clawhub@latest install minerva-lidarr
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name/description match the actions shown (search/add artist/album, check wanted/queue, trigger searches). However, the SKILL.md expects LIDARR_URL and LIDARR_KEY (and shows reading an API key file), which are not declared in the registry metadata; the instructions also rely on curl and python3 but required binaries are listed as none.
Instruction Scope
All instructions operate against a local Lidarr API (http://localhost:8686) and only call documented Lidarr endpoints. They instruct reading an API key from a filesystem path (e.g. /path/to/lidarr_api_key or ~/clawd/credentials/...), and use curl and python3 for processing. This is expected for a local-API skill but the skill text gives concrete file-read examples — installing an agent that follows these instructions will attempt to read that path if the example is followed.
Install Mechanism
Instruction-only skill with no install spec or downloads — low install risk. Nothing is written to disk by the skill package itself.
!
Credentials
The skill requires an API key (LIDARR_KEY) and a URL (LIDARR_URL) at runtime, but the registry metadata lists no required env vars or primary credential. Requested access is otherwise limited and appropriate for Lidarr, but the omission in metadata is a meaningful mismatch that could confuse permissioning or automated policy checks.
Persistence & Privilege
always is false and the skill does not request persistent or elevated privileges, nor does it modify other skills. Autonomous invocation is allowed by default (platform default) but not combined with other broad privileges here.
What to consider before installing
This skill appears to do what it says: call a local Lidarr REST API. Before installing, verify or correct the mismatches: 1) ensure you have a Lidarr API key and a local URL and decide how the agent should access them (declare env vars or provide a clear, safe file path). 2) Confirm curl and python3 are available on the agent runtime (the SKILL.md uses both). 3) Store the API key in a secure, minimally-permissioned location and create a dedicated API key in Lidarr if possible so the skill has only the permissions it needs. 4) Be aware some endpoints can delete/blacklist files or queue items — only allow this skill if you trust its source or inspect the SKILL.md thoroughly. 5) Ask the publisher to update registry metadata to list LIDARR_URL/LIDARR_KEY and required binaries, or correct the SKILL.md if those declarations are intentionally omitted. If you cannot validate these points, treat the mismatch as a risk and avoid enabling autonomous use.

Like a lobster shell, security has layers — review code before you run it.

latestvk977abzrxjpvem6q68r5q8wrwx842tve
86downloads
0stars
1versions
Updated 3w ago
v1.0.0
MIT-0
@minerva-care
latest
Download

Lidarr Skill

Lidarr is the *arr-suite manager for music. It monitors artists and albums, finds releases via indexers (Prowlarr), sends them to a download client, and organises them on disk.

Connection

Lidarr runs on Dozo at http://localhost:8686.

LIDARR_URL="http://localhost:8686"
LIDARR_KEY=$(cat /path/to/lidarr_api_key)

See references/api.md for all endpoints.

Core Workflows

Search and add an artist

# 1. Look up artist (returns MusicBrainz results)
curl -s "$LIDARR_URL/api/v1/artist/lookup?term=David+Bowie" \
  -H "X-Api-Key: $LIDARR_KEY" | python3 -c "
import sys,json
results = json.load(sys.stdin)
for a in results[:5]:
    print(a.get('artistName'), '| foreignArtistId:', a.get('foreignArtistId'))
"

# 2. Get quality/metadata profiles and root folders
curl -s "$LIDARR_URL/api/v1/qualityprofile" -H "X-Api-Key: $LIDARR_KEY"
curl -s "$LIDARR_URL/api/v1/metadataprofile" -H "X-Api-Key: $LIDARR_KEY"
curl -s "$LIDARR_URL/api/v1/rootfolder" -H "X-Api-Key: $LIDARR_KEY"

# 3. Add the artist
curl -s -X POST "$LIDARR_URL/api/v1/artist" \
  -H "X-Api-Key: $LIDARR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"foreignArtistId":"<id>","artistName":"David Bowie","qualityProfileId":1,"metadataProfileId":1,"rootFolderPath":"/music","monitored":true,"addOptions":{"monitor":"all","searchForMissingAlbums":true}}'

Search and add an album

# 1. Look up album
curl -s "$LIDARR_URL/api/v1/album/lookup?term=Ziggy+Stardust" \
  -H "X-Api-Key: $LIDARR_KEY" | python3 -c "
import sys,json
results = json.load(sys.stdin)
for a in results[:5]:
    print(a.get('title'), '—', a.get('artist',{}).get('artistName'), '| foreignAlbumId:', a.get('foreignAlbumId'))
"

# 2. Add the album (artist must already be in Lidarr)
curl -s -X POST "$LIDARR_URL/api/v1/album" \
  -H "X-Api-Key: $LIDARR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"foreignAlbumId":"<id>","monitored":true,"addOptions":{"searchForNewAlbum":true}}'

Check wanted/missing albums

curl -s "$LIDARR_URL/api/v1/wanted/missing?pageSize=20" \
  -H "X-Api-Key: $LIDARR_KEY" | python3 -c "
import sys,json
d = json.load(sys.stdin)
for a in d.get('records',[]):
    print(a.get('title'), '—', a.get('artist',{}).get('artistName'), '(', a.get('releaseDate','?')[:4], ')')
"

Trigger search for all missing albums

curl -s -X POST "$LIDARR_URL/api/v1/command" \
  -H "X-Api-Key: $LIDARR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name":"MissingAlbumSearch"}'

Check download queue

curl -s "$LIDARR_URL/api/v1/queue" -H "X-Api-Key: $LIDARR_KEY" | python3 -c "
import sys,json
q = json.load(sys.stdin)
for item in q.get('records',[]):
    print(item.get('title'), '|', item.get('status'), '|', item.get('timeleft','?'))
"

Credentials

Store API key at ~/clawd/credentials/lidarr_api_key (single line, no newline). Load with: LIDARR_KEY=$(cat /path/to/lidarr_api_key)

Comments

Loading comments...