Dygod Movies
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill matches its movie-search/download purpose, but it includes a hard-coded Synology NAS login and raw NAS task-management commands that need review before use.
Only use this skill after removing the embedded NAS credentials and configuring your own Synology details securely. Confirm every download or deletion before allowing it, and verify that the media sources and destinations are appropriate for your device.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If these credentials are real or reused, installing or sharing the skill could expose access to a Synology NAS account and allow unauthorized download management.
The skill publishes a specific private NAS address together with a concrete account name and password for Synology DownloadStation login.
curl.exe -s "http://192.168.123.223:5000/webapi/entry.cgi?...&account=xiaoai&passwd=Xx654321&session=DownloadStation&format=sid"
Remove hard-coded credentials, rotate the password if it is real, and require users to provide their own NAS endpoint and credentials through a secure credential/config mechanism.
A user or agent could start large downloads, place files into NAS folders, or delete download tasks if these commands are used without careful confirmation.
The skill documents raw Synology DownloadStation API calls that can create and delete NAS download tasks using a session ID.
method=create&uri=magnet:?xt=urn:btih:XXX&destination=video/电影&_sid=YOUR_SID ... method=delete&id=TASK_ID&force_complete=false&_sid=YOUR_SID
Require explicit user confirmation showing the exact title, URI, destination, and action before creating or deleting any NAS task; avoid deletion actions unless the user specifically requests them.