Safety Report

Trakt.tv

Name: Trakt.tv
Rating: 5 (4 reviews)
Author: d-meagher

@d-meagher

Interact with the Trakt API to manage your watchlist, collection, ratings, and discover content

1,278Downloads

4Installs

4Stars

1Versions

API Integration4,971

Security Analysis

high confidence

Clean0.08 risk

The skill is internally consistent with a Trakt API integration: it only needs Trakt credentials and uses curl to call Trakt endpoints; nothing in the files suggests malicious behavior.

Feb 11, 20263 files2 concerns

Purpose & Capabilityok

Name/description match the requested credentials and included helper script. The skill only talks to api.trakt.tv and trakt.tv and its examples are standard Trakt API calls.

Instruction Scopenote

Runtime instructions are limited to constructing curl requests, performing OAuth with Trakt, and asking the user to add credentials to ~/.openclaw/openclaw.json. This is expected. Minor scope issues: SKILL.md and the helper script mention TRAKT_REFRESH_TOKEN (used for refresh flow) but it's not listed in the declared requires.env; the helper script also requires jq and curl, yet the skill metadata does not declare required binaries.

Install Mechanismok

No install spec — instruction-only skill plus a small shell helper. No downloads from external/untrusted URLs or archive extraction.

Credentialsnote

The env vars requested (client id/secret/access token) are appropriate for a Trakt integration. Two minor inconsistencies: TRAKT_REFRESH_TOKEN is used/suggested in examples but not listed in requires.env/primaryEnv, and the helper script requires jq (and curl) but required binaries are declared as none.

Persistence & Privilegeok

always is false and the skill asks the user to put credentials into the OpenClaw config — normal behavior. The skill does not request system-wide privileges or modify other skills' configs.

Guidance

This skill appears to be a straightforward Trakt API helper. Before installing: 1) Verify the skill source (homepage is missing and README references a placeholder GitHub URL), since you will store API secrets for your Trakt account. 2) Inspect get_trakt_token.sh before running it (it performs OAuth against api.trakt.tv and prints the tokens and a JSON snippet to add to ~/.openclaw/openclaw.json). 3) Ensure jq and curl are installed — the script will fail without jq. 4) Consider creating a dedicated Trakt application name for this skill and treat the client secret/access token as sensitive (store openclaw.json with restrictive file permissions). 5) Note the metadata omission: TRAKT_REFRESH_TOKEN is recommended by the skill but not declared in requires.env; add it if you want token refresh to work. If you are comfortable reviewing the small script and trust the skill author, it is coherent with its stated purpose.

Latest Release

v1.0.0

Initial release of the Trakt skill. - Enables interaction with the Trakt API for managing watchlist, collection, watch history, ratings, and content discovery - Supports movie and show search, as well as fetching trending, popular, and recommended content - Provides detailed setup instructions for OAuth credentials and environment variables - Includes example curl requests for all supported actions - Documents required request headers, API endpoints, and common response codes - Covers rate limits and provides a helper script for obtaining OAuth tokens

Popular Skills

x402 (official examples)

@notorious-d-e-v · 2 stars

dungeons-and-lobsters

@D-L-Leapyear · 0 stars

Tender Offer Arbitrage Scanner

@d-wwei · 0 stars

Folder Inspector

@JayXu-D · 0 stars

My Generate Qr Code

@JayXu-D · 0 stars

NVIDIA NIM Skill

@d-wwei · 0 stars

Published by @d-meagher on ClawHub