Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Nas Movie Download
v3.2.2
Search and download movies via Jackett and qBittorrent. Use when user wants to download movies or videos from torrent sources, search for specific movie titl...
⭐ 3 · 1.8k · 6 current · 6 all-time
by Roger @roger0808
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (Jackett + qBittorrent + SMB subtitle fetching) align with the included scripts: search, add magnet to qBittorrent, wait for completion, and download/upload subtitles via SMB. The code implements the stated capabilities.
Instruction Scope
SKILL.md and scripts instruct the agent to access network services (Jackett, qBittorrent, subtitle providers) and an SMB share, which is expected. However, SKILL.md documents environment variables and a config file while the skill metadata declares no required env vars or config paths; the packaged files read and write config/smb.env and embed default values. The instructions also reference running many scripts that attempt SMB and HTTP access and spawn subprocesses (subliminal), which is within scope but broad.
Install Mechanism
No install spec; this is an instruction + code bundle. That lowers supply-chain risk compared with remote downloads. Scripts rely on system binaries (python3, curl, jq, subliminal) but none are installed by the skill itself.
Credentials
Although the registry metadata lists no required environment variables or primary credential, the SKILL.md and many scripts expect and embed sensitive values: JACKETT_API_KEY, QB_USERNAME/QB_PASSWORD, SMB_USERNAME/SMB_PASSWORD, and a private IPv4 address (192.168.1.246). Multiple files include plaintext credentials and server addresses (config/smb.env and numerous scripts). Requesting network credentials for the services the skill uses is reasonable, but bundling valid-seeming credentials in code/config and not declaring them in metadata is inconsistent and risky.
Persistence & Privilege
The skill does not request always:true and contains no install-time hooks or modifications to other skills. It runs when invoked and doesn't claim persistent system-level privileges beyond normal network/SMB access.
Scan Findings in Context
[HARDCODED_CREDENTIALS] unexpected: Multiple files (config/smb.env and many scripts) contain plaintext SMB, qBittorrent, and Jackett credentials and default URLs. While the skill needs credentials to access those services, bundling them in the package is inappropriate and not declared in metadata.
[UNDOCUMENTED_CONFIG_PATH] unexpected: Registry metadata declared no required config paths, but config/smb.env is present and referenced by SKILL.md and the scripts. A user relying on the metadata would not know that a config file is read, so this mismatch is a coherence problem.
[NETWORK_ACCESS_AND_SUBPROCESS] expected: Scripts use HTTP calls (Jackett/qBittorrent) and spawn subprocesses (subliminal) to download subtitles—this is expected for the stated functionality but expands the attack surface (remote hosts + subprocesses).
What to consider before installing
This package appears to do what it says (search torrents via Jackett, add to qBittorrent, download/upload subtitles via SMB), but there are red flags you should consider before installing or running it:
- Hard-coded secrets: The bundle contains plaintext credentials and default API keys/URLs (SMB username/password, qBittorrent credentials, Jackett API key and a 192.168.* address). Treat these as untrusted: they may be placeholders, but they could also belong to someone else or be reused later. Replace or remove them and store real credentials in environment variables or a secure secret store.
- Metadata mismatch: The registry metadata claims no required env vars/config paths, yet SKILL.md and the files expect and reference config/smb.env and many env variables. This inconsistency could cause accidental use of embedded defaults. Review SKILL.md and all config files and ensure no unwanted credentials remain.
- Network effects and legality: The scripts make network requests to local and Internet hosts and spawn subprocesses (subliminal contacts external subtitle providers). Only run them in an environment where these network accesses are allowed and legal (torrenting copyrighted content may be illegal in your jurisdiction). Consider running in an isolated network or VM first.
- Audit and harden before use: Inspect the entire code bundle (you have it) and remove or rotate embedded credentials, confirm the Jackett/qBittorrent endpoints are yours, and prefer to set environment variables rather than use defaults. If you don't control the referenced SMB/qBittorrent/Jackett hosts, do not run the scripts.
- If you need higher assurance: ask the publisher for provenance (who maintains this skill), confirm the embedded credentials are placeholders, and request an updated package that does not include secrets and that documents required env vars/config paths in metadata.
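The audit steps above (find baked-in secrets and defaults, refuse to run on them, confirm the endpoints are yours) as one added Python example. This is not code from the skill or from the ClawHub scanner: the bundle contents below are constructed stand-ins, and the endpoint variable names JACKETT_URL, QB_URL and SMB_HOST are assumptions (the report only says URLs and a server address are embedded). It goes slightly beyond the list by also catching `os.environ.get(NAME, "literal")` defaults, which is how a script can silently fall back to an embedded value even when SKILL.md tells you to set the variable.

```python
import os
import re
from typing import Dict, Iterable, List, Tuple
from urllib.parse import urlsplit

# Settings the scan report says SKILL.md and the scripts expect. The endpoint
# variable names are assumed; the report only says URLs/addresses are embedded.
SECRET_VARS = ("JACKETT_API_KEY", "QB_USERNAME", "QB_PASSWORD", "SMB_USERNAME", "SMB_PASSWORD")
ENDPOINT_VARS = ("JACKETT_URL", "QB_URL", "SMB_HOST")
_NAMES = "|".join(SECRET_VARS)

# KEY=value lines in .env files and shell scripts (optionally quoted, optionally `export`ed).
# The value must run to end of line or a comment, so `KEY = os.environ.get(...)` is not matched here.
ASSIGN_RE = re.compile(
    r'^\s*(?:export\s+)?(' + _NAMES + r')\s*=\s*["\']?([^"\'\s#]*)["\']?\s*(?:#.*)?$',
    re.MULTILINE,
)
# os.environ.get("KEY", "literal") / os.getenv("KEY", "literal"): an embedded default
# that takes over when the operator forgets to set the variable.
DEFAULT_RE = re.compile(
    r'(?:os\.environ\.get|os\.getenv)\(\s*["\'](' + _NAMES + r')["\']\s*,\s*["\']([^"\']+)["\']'
)
# RFC 1918 literals; 192.168.1.246 is the address the report names.
PRIVATE_IPV4_RE = re.compile(
    r"\b(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3}"
    r"|172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}"
    r"|192\.168\.\d{1,3}\.\d{1,3})\b"
)
PLACEHOLDERS = {"", "changeme", "your_password", "your_api_key", "xxx", "todo", "<set-me>"}

Finding = Tuple[str, str, str, str]  # (path, kind, variable, value)


def _is_placeholder(value: str) -> bool:
    # Empty, obviously fake, or a reference to another variable ($VAR, ${VAR}) is not a baked-in secret.
    return value.lower() in PLACEHOLDERS or value.startswith("$")


def audit_bundle(files: Dict[str, str]) -> List[Finding]:
    """Scan {path: text} for plaintext secrets, embedded defaults and private-network literals."""
    findings: List[Finding] = []
    for path, text in files.items():
        for m in ASSIGN_RE.finditer(text):
            if not _is_placeholder(m.group(2)):
                findings.append((path, "HARDCODED", m.group(1), m.group(2)))
        for m in DEFAULT_RE.finditer(text):
            if not _is_placeholder(m.group(2)):
                findings.append((path, "EMBEDDED_DEFAULT", m.group(1), m.group(2)))
        for m in PRIVATE_IPV4_RE.finditer(text):
            findings.append((path, "PRIVATE_IPV4", "", m.group(0)))
    return findings


def load_settings(required: Iterable[str], env=None) -> Dict[str, str]:
    """Hardened loader: every setting comes from the environment, with no literal fallback.
    All missing names are reported at once so the operator can fix them in one pass."""
    env = os.environ if env is None else env
    required = tuple(required)
    missing = [name for name in required if not env.get(name)]
    if missing:
        raise RuntimeError("refusing to run; set these environment variables: " + ", ".join(missing))
    return {name: env[name] for name in required}


def endpoint_allowed(url: str, allowed_hosts: Iterable[str]) -> bool:
    """True only if the URL's host is one the operator listed, so a default that points
    at someone else's 192.168.* box cannot be used by accident."""
    host = urlsplit(url).hostname
    return host is not None and host in set(allowed_hosts)


# Constructed stand-in for the skill bundle; these are not the real files.
SAMPLE_BUNDLE = {
    "config/smb.env": (
        "SMB_HOST=192.168.1.246\n"
        "SMB_USERNAME=nasuser\n"
        "SMB_PASSWORD=Pa55w0rd!\n"
    ),
    "scripts/search.sh": (
        "#!/usr/bin/env bash\n"
        'export JACKETT_URL="${JACKETT_URL:-http://192.168.1.246:9117}"\n'
        'export JACKETT_API_KEY="deadbeef1234"\n'
        'export QB_USERNAME="${QB_USERNAME}"\n'
    ),
    "scripts/add_magnet.py": (
        "QB_USERNAME = os.environ.get('QB_USERNAME', 'admin')\n"
        "QB_PASSWORD = os.environ.get('QB_PASSWORD', 'CHANGEME')\n"
    ),
}

if __name__ == "__main__":
    for finding in audit_bundle(SAMPLE_BUNDLE):
        print(*finding)
    try:
        load_settings(SECRET_VARS + ENDPOINT_VARS, env={})
    except RuntimeError as exc:
        print(exc)
```

Run it over the unpacked zip by reading each text file into the dictionary; anything reported as HARDCODED or EMBEDDED_DEFAULT should be deleted from the bundle and, if it looks like a real secret, rotated on the service it belongs to. The allowlist check is deliberately exact-match on the host so a substring such as `nas.lan.attacker.example` does not pass.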
Why suspicious rather than malicious: The code implements the described behavior and contains no obvious exfiltration back-channels or obfuscated remote endpoints, but the inclusion of real-looking credentials and the metadata mismatch are significant coherence problems that could lead to credential misuse or accidental connections to unknown hosts. More information from the author (or removal and rotation of the embedded secrets) could change this assessment to benign.
