Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Plex Media Remote

v1.1.0

A standalone command-line skill to interact with and manage Plex Media Server directly, featuring playback controls and secured temporary caching.

0 · 83 · 0 current · 0 all-time
by Yahya (@ymgenc)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The script and SKILL.md claim the skill requires PLEX_URL and PLEX_TOKEN and the binaries 'uv' and 'python3' (and the Python dependency plexapi). Those requirements are coherent with a Plex-control CLI. However, the registry-level info provided at the top of the package (the 'Requirements' summary) lists no required env vars or binaries — a direct inconsistency between how the skill advertises itself at the package level and the internal metadata.json / SKILL.md. This mismatch is unexplained and could cause confusion or accidental failure when installing or running the skill.
Instruction Scope
The SKILL.md instructs the agent to run the included script via 'uv run scripts/plex_cli.py' and to inject PLEX_URL and PLEX_TOKEN into the environment. The script only contacts the specified Plex server and writes a JSON cache to the OS temp dir; it does not attempt to read local dotfiles or other system credentials. It does, however, fetch and return potentially sensitive live session data (usernames, playback state, client addresses) to stdout — this is expected for a Plex management tool but is privacy-sensitive and should be considered by the user.
Install Mechanism
There is no formal install spec (instruction-only), which is low risk, but the SKILL.md and metadata.json expect dependencies to be resolved automatically by the 'uv' runner. 'uv' is an uncommon runtime tool; it is listed as a required binary inside metadata.json but was not declared in the top-level package requirements. Because there is no explicit, reproducible install step, running the skill may fail or cause the agent to try to install or run tools it does not have. No network download URLs or extract/install steps are present.
Credentials
The only sensitive environment variables accessed are PLEX_URL and PLEX_TOKEN, which are proportionate and necessary for connecting to a Plex server. The script reads only those env vars. The problem is that the top-level provided manifest initially listed no required env vars while internal files require them — a packaging inconsistency the user should resolve before granting credentials.
Persistence & Privilege
The skill does not request permanent or privileged presence: 'always' is false, it does not modify other skills or system-wide settings, and it writes only a transient cache to the OS temp directory. It does not persist tokens to disk. No elevated privileges or persistent agent modifications are requested.
What to consider before installing
This skill appears to implement a legitimate Plex CLI and only needs your Plex URL and token to function, but there are a few concerns to check before installing:
- Confirm the source: the package has no homepage and comes from an unknown owner. If you don't trust the author, don't install.
- Resolve the metadata mismatch: the top-level registry summary lists no required env vars/binaries, but SKILL.md and metadata.json require PLEX_URL, PLEX_TOKEN, 'uv', and 'python3'. Make sure you (or the platform) provide these correctly; otherwise the agent may fail or attempt unexpected actions.
- 'uv' is an uncommon runner; ensure you know what 'uv' will do on your system, or provide an alternate invocation (python3 scripts/plex_cli.py) if you prefer.
- Treat PLEX_TOKEN as a sensitive secret. Only provide it if you trust the skill and the environment where it's run.
- Consider privacy: the skill returns live session info (usernames, player addresses) to stdout and caches media titles/actors/genres in the system temp directory. If that is acceptable for your environment, proceed; otherwise do not install.
If you want higher assurance, ask the publisher for a known homepage or repo, or run the included script locally in a controlled environment first to verify its behavior.


latest: vk977mp58j83cxwdv8pychq9629849sm2


Runtime requirements

Environment variables
PLEX_URL (required)
PLEX_TOKEN (required)
