Back to skill

Security audit

nzbget

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do only what it advertises: query a user-configured NZBGet server for download status, though its credential transport should be treated carefully.

Install only if you are comfortable giving the skill access to NZBGET_USER, NZBGET_PASS, and NZBGET_HOST. Prefer localhost or a trusted LAN target, avoid exposing NZBGet over untrusted networks, and consider changing the script to use HTTPS and curl authentication options instead of embedding credentials in the URL.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill invokes a shell script (`bash scripts/check_nzbget.sh ...`) but does not declare any corresponding permissions or execution capability in its metadata. Undeclared shell access is risky because it hides the true trust boundary of the skill, and if the script later incorporates user-controlled input or environment manipulation, it could enable command execution or sensitive data exposure without clear review signals.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script constructs an HTTP URL containing embedded credentials and sends requests to the NZBGet API over plain HTTP. This exposes the username and password to interception on the network and may also leak them via logs, process inspection, proxies, or error reporting because credentials are placed in the URL rather than a safer auth mechanism.

External Transmission

Medium
Category
Data Exfiltration
Content
# Helper function to make NZBGet API calls
nzbget_api() {
    local method="$1"
    curl -s -X POST -H "Content-Type: application/json" \
        -d "{\"method\": \"${method}\", \"id\": 1}" \
        "$URL" 2>/dev/null
}
Confidence
90% confidence
Finding
curl -s -X POST -H "Content-Type: application/json" \ -d

VirusTotal

49/49 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.