ClawHub

PlexMedia2HTML Export

v1.3.1

Exports Plex Media Library (Movies & TV Shows) as static HTML pages. Features: Multilingual (EN/DE), token obfuscation (machine-bound), genre filter, detail...

1· 177·1 current·1 all-time
by@kesuek

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for kesuek/plexmedia2html-export.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "PlexMedia2HTML Export" (kesuek/plexmedia2html-export) from ClawHub.
Skill page: https://clawhub.ai/kesuek/plexmedia2html-export
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install plexmedia2html-export

ClawHub CLI

Package manager switcher

npx clawhub@latest install plexmedia2html-export
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description claim exporting a Plex library and the code implements Plex API calls, image downloads, HTML generation, local config storage, and machine-bound token obfuscation—these are coherent. Minor inconsistency: skill.json claims "sichere Token-Verschlüsselung" (secure encryption) while SKILL.md clearly admits the token storage is only obfuscation (XOR+Base64). This is an overstatement but not evidence of maliciousness.
Instruction Scope
Runtime instructions match the code: prompt for Plex URL/token, store config in ~/.openclaw/workspace/data/..., read /etc/machine-id (documented) to derive a machine-bound key, and call the Plex server only. The SKILL.md explicitly documents the machine-id read and the --insecure option (which disables SSL verification) — both are within the exporter's scope.
Install Mechanism
There is no install spec (instruction-only) and the bundle contains export.py as main. SKILL.md and skill.json reference a 'plex-export' wrapper/CLI command; no separate wrapper file is present in the manifest. That is a documentation/packaging mismatch you should verify (ClawHub may create the wrapper at install time). No network downloads or external packages are pulled by the skill itself.
Credentials
The skill requests no environment variables or external credentials beyond the Plex token entered interactively. It only reads local system identifiers (/etc/machine-id or hostname+username) for token obfuscation; this is documented and proportional to the stated feature (machine-binding the stored token).
Persistence & Privilege
The skill stores a config file under the user's home (~/.openclaw/workspace/data/plexmedia2html-export/config.json), sets file permissions to 600, and does not request elevated or system-wide privileges. always:false and normal autonomous invocation settings are used.
Assessment
This package appears to do what it says: export a Plex library to static HTML and locally store an obfuscated Plex token bound to the machine. Before installing, verify these points: 1) Source trust: the skill's source/homepage is unknown—review the export.py file yourself or install in an isolated environment. 2) Token security: the code uses XOR+Base64 with a machine-derived key (obfuscation, not strong encryption). If you require stronger protection, use an OS keyring or avoid storing the token. 3) Installer wrapper: SKILL.md mentions a 'plex-export' wrapper/CLI but the manifest lacks a separate wrapper file—confirm how ClawHub will expose the CLI or run export.py directly. 4) SSL: avoid using --insecure unless you trust the network and Plex server (it disables certificate verification). 5) Permissions: verify config file location and that CONFIG_FILE is chmod 600 as claimed. If any of these points are unacceptable, test the script manually, or require modifications (e.g., replace obfuscation with keyring storage) before using.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b8830hvwkjh8ctjrzsrywfn83ewb1
177downloads
1stars
8versions
Updated 1mo ago
v1.3.1
MIT-0
@kesuek
latest
Download

PlexMedia2HTML Export v1.2.3

English | Deutsch

<a name="english"></a>

🇬🇧 English

Exports your Plex Media Library as static HTML pages.

Features v1.2.3

  • 🎬 Movies & TV Shows beautifully displayed
  • 🏷️ Genre Filter for quick finding
  • 🔍 Detail Popups with all metadata
  • 🌍 Multilingual – English & German
  • 🔐 Token Obfuscation – Machine-bound (not true encryption)
  • 📱 Responsive Design for all devices
  • Fast – no Plex login required after export

Installation

Requires Python 3.8+. No external dependencies needed.

# Install via ClawHub
clawhub install plexmedia2html-export

# Or manually copy and make executable
chmod +x ~/.openclaw/workspace/skills/plexmedia2html-export/plex-export

The plex-export wrapper is ready to use.

Onboarding

The following values will be requested on first run:

1. Plex Server URL

Example: http://192.168.1.100:32400

2. Plex Token

1. Open Plex Web → Settings → General → Advanced
2. Click "Show Token"
3. Copy the token here

Note: The token is obfuscated with a machine-specific key (not truly encrypted).

3. Language

en (English) or de (German)

4. Export Path (optional)

Default: ~/Exports/

Configuration

Configuration is stored in ~/.openclaw/workspace/data/plexmedia2html-export/config.json:

{
  "plex_url": "http://192.168.1.100:32400",
  "plex_token_encrypted": "BASE64_ENCRYPTED_TOKEN",
  "export_path": "~/Exports",
  "movies_per_page": 18,
  "series_per_page": 18,
  "language": "en"
}

Important: The Plex token is never stored in plain text!

Usage

# First export
plex-export

# With self-signed certificate (disable SSL verification)
plex-export --insecure

# As cron job (daily at 2 AM)
0 2 * * * /usr/bin/python3 ~/.openclaw/workspace/skills/plexmedia2html-export/export.py

<a name="deutsch"></a>

🇩🇪 Deutsch

Exportiert deine Plex Mediathek als statische HTML-Seiten.

Features v1.2.3

  • 🎬 Filme & Serien übersichtlich dargestellt
  • 🏷️ Genre-Filter für schnelles Finden
  • 🔍 Detail-Popups mit allen Metadaten
  • 🌍 Multilingual – Englisch & Deutsch
  • 🔐 Token-Obfuskierung – Maschinengebunden (nicht echte Verschlüsselung)
  • 📱 Responsive Design für alle Geräte
  • Offline-fähig – Cover-Bilder werden lokal gespeichert

Installation

Der Skill benötigt Python 3.8+ und hat keine externen Dependencies.

# Skill installieren (via ClawHub)
clawhub install plexmedia2html-export

# Oder manuell kopieren und ausführbar machen
chmod +x ~/.openclaw/workspace/skills/plexmedia2html-export/plex-export

Der Wrapper plex-export ist direkt ausführbar.

Onboarding

Beim ersten Aufruf werden folgende Werte abgefragt:

1. Plex-Server URL

Beispiel: http://192.168.1.100:32400

2. Plex Token

1. Öffne Plex Web → Einstellungen → Allgemein → Erweitert
2. Klicke auf "Token anzeigen"
3. Kopiere den Token hierhin

Hinweis: Der Token wird obfuskiert mit einem maschinenspezifischen Schlüssel gespeichert (nicht verschlüsselt).

3. Sprache

en (Englisch) oder de (Deutsch)

4. Export-Pfad (optional)

Standard: ~/Exports/

Konfiguration

Die Konfiguration wird in ~/.openclaw/workspace/data/plexmedia2html-export/config.json gespeichert:

{
  "plex_url": "http://192.168.1.100:32400",
  "plex_token_encrypted": "BASE64_ENCRYPTED_TOKEN",
  "export_path": "~/Exports",
  "movies_per_page": 18,
  "series_per_page": 18,
  "language": "de"
}

Wichtig: Der Plex-Token wird nie im Klartext gespeichert!

Nutzung

# Erstmaliger Export
plex-export

# Mit selbst-signiertem Zertifikat (SSL-Verification deaktivieren)
plex-export --insecure

# Als Cron-Job (täglich um 2 Uhr)
0 2 * * * /usr/bin/python3 ~/.openclaw/workspace/skills/plexmedia2html-export/export.py

Security / Sicherheit

Privacy Note:

  • The skill reads /etc/machine-id (Linux) or derives a fallback from hostname+username
  • This is used to bind the obfuscated token to the current machine
  • No data is transmitted; the ID is only used locally for the obfuscation key

Token Storage (Obfuscation):

  • Tokens are obfuscated using XOR + Base64
  • Obfuscation key is derived from /etc/machine-id or hostname+username
  • Token cannot be deobfuscated on a different machine
  • This is not encryption — it prevents casual snooping but not determined attackers
  • For true security, use OS keyring or manually enter password each time

SSL/TLS:

  • By default, SSL certificate verification is enabled (secure)
  • Use --insecure flag only for self-signed certificates (not recommended)

File Permissions:

  • Config file is automatically set to chmod 600 (owner read/write only)
  • After first run, verify: ls -la ~/.openclaw/workspace/data/plexmedia2html-export/config.json

Lizenz / License

MIT – Frei verwendbar und modifizierbar / Free to use and modify.

Versions:

  • v1.2.3 – English default language, fixed navigation links
  • v1.2.2 – SSL verification enabled by default, file permissions enforced, --insecure flag
  • v1.2.1 – Fixed imports, honest documentation
  • v1.2.0 – Token obfuscation + Multilingual + Bug fixes
  • v1.1.0 – Multilingual support
  • v1.0.0 – Initial release

Comments

Loading comments...