ClawHub

nzbget

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it checks a user-configured NZBGet instance for status and queue information, with some credential-handling precautions users should understand.

Install only if you trust the environment where NZBGET_USER, NZBGET_PASS, and NZBGET_HOST are set. Prefer pointing NZBGET_HOST at localhost or a trusted private network, avoid exposing NZBGet over untrusted networks, and use HTTPS or a safer curl auth pattern if your NZBGet setup supports it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill invokes a shell script (`bash scripts/check_nzbget.sh`) but does not declare any permissions for shell/code execution. Undeclared execution capability is risky because it hides the true trust boundary from the platform and reviewers, and shell-based skills often interact with environment variables and external services in ways that can expose secrets or enable command abuse if later expanded. In this context, the skill is meant to query NZBGet status, which makes shell access somewhat expected, but the lack of explicit permission declaration still weakens security review and containment.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script constructs an HTTP URL containing the username and password and sends requests over plain HTTP. This exposes credentials to interception on the network and may also leak them through logs, process inspection, proxies, or error reporting because the secret is embedded directly in the URL.

VirusTotal

49/49 vendors flagged this skill as clean.

View on VirusTotal