v0.1.7

Radarr+

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:18 AM.

Analysis

Radarr+ mostly matches its movie-request purpose, but one documented helper can execute scripts from a hard-coded developer workspace path, so it deserves review before installation.

Guidance: Review or fix the hard-coded /home/vishix helper paths before installing. If you proceed, only configure Radarr/Plex credentials you are comfortable letting the agent use, restrict group-chat access to trusted users, and enable the polling dispatcher only if you want persistent progress notifications.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
scripts/resolve_defaults.py
return _run_json(["bash", "-lc", "cd /home/vishix/.openclaw/workspace && ./skills/radarr/scripts/radarr.sh " + " ".join(args)])

A helper that is referenced by the documented workflow shells into a hard-coded developer workspace rather than using the installed package-relative script path, so it may execute a different/unreviewed copy of the skill or fail unexpectedly.

User impact: Using this helper could run code outside the installed skill package while Radarr credentials are present in the environment.
Recommendation: Replace hard-coded /home/vishix paths with package-relative paths or an explicit trusted workspace variable, avoid shell string construction, and review the similar absolute paths in radarr_request.py before installing.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
scripts/radarr.py
created = _request("/api/v3/movie", method="POST", body=movie)
...
body={"name": "MoviesSearch", "movieIds": [created["id"]]}

The helper can add movies to Radarr and trigger a Radarr search command, which is exactly the skill's purpose but is still a mutating action.

User impact: The agent can change the Radarr library and potentially start media downloads when a movie request is handled.
Recommendation: Install only if you want the agent to be able to add/search movies in Radarr, and consider requiring confirmation for group chats, ambiguous matches, or requests from untrusted users.

Rogue Agents
Severity: Low | Confidence: High | Status: Note
SKILL.md
A periodic dispatcher should run: `./skills/radarr/scripts/poll_and_queue.py` ... create outbox items under `./state/radarr/outbox/`

The skill supports ongoing polling and queued notifications after the initial request; this persistence is disclosed and tied to progress updates.

User impact: The skill may continue tracking requested movies and preparing chat notifications until an import completes.
Recommendation: Run the dispatcher only if you want progress notifications, and periodically clear or review the Radarr state/outbox files.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
SKILL.md
Set secrets in `~/.openclaw/.env` ... `RADARR_API_KEY=...` ... `PLEX_TOKEN=...`

The skill requires a Radarr API key and optionally uses a Plex token; these credentials are expected for the integration and the artifacts do not show hardcoded secrets or credential logging.

User impact: Anyone or any agent flow with access to these credentials can use the associated Radarr/Plex authority available to the skill.
Recommendation: Store tokens only in the intended .env file, restrict who can invoke the skill, and use the least-privileged service configuration available.