← Back to Skills Marketplace

Sonarr Fixed

Name: Sonarr Fixed
Author: frannunpal

by frannunpal · GitHub ↗ · v1.0.2

cross-platform ⚠ suspicious

494

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install sonarr-fixed

Description

Search and add TV shows to Sonarr. Supports monitor options, search-on-add. FORK of jordyvandomselaar/sonarr with fixed metadata.

Usage Guidance

This skill looks like a straightforward Sonarr helper, but check two things before installing or running it: (1) Decide whether you will use the config file (~/.openclaw/credentials/sonarr/config.json) or environment variables. The script prefers values from the config file and will overwrite env vars if the config exists (contrary to the SKILL.md claim that env vars override). (2) Protect your Sonarr API key—store the config file with restrictive permissions and only provide the minimum privileges required by your Sonarr instance. Also note that the registry metadata in the package summary appears malformed ("[object Object]") — this looks like a harmless metadata serialization bug but you may want to confirm the source/owner before trusting the skill. If you need higher assurance, review the script (scripts/sonarr.sh) line-by-line and test it in a controlled environment.

Capability Analysis

Type: OpenClaw Skill Name: sonarr-fixed Version: 1.0.2 The `scripts/sonarr.sh` script is vulnerable to shell injection. The `SONARR_URL` and `SONARR_API_KEY` variables, sourced from `~/.openclaw/credentials/sonarr/config.json` or environment variables, are used directly within `curl` commands without proper shell sanitization. If these configuration values contain shell metacharacters (e.g., `$(command)`), it could lead to arbitrary command execution or data exfiltration, making it a significant vulnerability. While the `search` query parameter is URL-encoded, the core API endpoint and key are not protected.

Capability Assessment

✓ Purpose & Capability

The skill is a Sonarr API wrapper: it uses curl/jq to call a Sonarr instance API and requires a Sonarr URL and API key. Those requirements align with the described purpose of searching/adding/removing TV shows.

ℹ Instruction Scope

SKILL.md instructs creating ~/.openclaw/credentials/sonarr/config.json (and optionally using SONARR_URL/SONARR_API_KEY to override). The included script implements the described commands (search, add, remove, config) and prints TVDB links as required. However, the SKILL.md claims env vars 'override' the config file but the script reads the config file first and will overwrite any pre-set environment variables if the config file exists (i.e., config takes precedence). This is a functional mismatch between docs and implementation.

✓ Install Mechanism

This is an instruction-only skill with a small shell script (no install spec). No network downloads or packages are installed by the skill itself, which lowers installation risk.

ℹ Credentials

The skill only needs a Sonarr URL and API key (stored in the config file or environment). Those are proportional to its function. Two metadata issues to note: the registry summary in the prompt shows malformed/placeholder entries ("[object Object]") for required env/config, and SKILL.md marks the env vars optional but the script requires the url and apiKey to be present (via config or env). Confirm which mechanism you prefer and ensure the API key is stored securely (correct file permissions).

✓ Persistence & Privilege

The skill does not request persistent 'always' inclusion, and it does not modify other skills or global settings. It only reads the declared config path and calls the Sonarr API.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install sonarr-fixed
After installation, invoke the skill by name or use /sonarr-fixed
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.2

- Forked from jordyvandomselaar/sonarr; metadata declarations are fixed. - Corrected required config paths and credentials in metadata. - Enhanced documentation for setup, config, and workflow instructions. - No functional changes; update primarily clarifies setup and ensures proper credential handling.

Metadata

Slug sonarr-fixed

Version 1.0.2

License —

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Sonarr Fixed?

Search and add TV shows to Sonarr. Supports monitor options, search-on-add. FORK of jordyvandomselaar/sonarr with fixed metadata. It is an AI Agent Skill for Claude Code / OpenClaw, with 494 downloads so far.

How do I install Sonarr Fixed?

Run "/install sonarr-fixed" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Sonarr Fixed free?

Yes, Sonarr Fixed is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Sonarr Fixed support?

Sonarr Fixed is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Sonarr Fixed?

It is built and maintained by frannunpal (@frannunpal); the current version is v1.0.2.

More Skills