
Security audit

magnet-search

Security checks across malware telemetry and agentic risk

Overview

This skill is a torrent magnet search tool with under-disclosed external searches and unsafe HTTPS handling, so it belongs in Review rather than automatic install.

Install only if you intentionally want a torrent-search tool and understand the legal and privacy implications. Treat all magnet links as untrusted, avoid copyrighted material unless you have rights to access it, and prefer a version that lists every contacted provider and keeps HTTPS certificate validation enabled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises live queries to third-party torrent indexes such as ThePirateBay and Nyaa, which is a network capability, but no corresponding permission declaration is present. This creates a transparency and consent problem: users and hosting platforms may not realize the skill will transmit search terms and metadata to external services, increasing privacy, policy, and compliance risk.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The code globally disables TLS certificate validation by setting check_hostname to False and verify_mode to CERT_NONE for all HTTPS requests. This permits man-in-the-middle interception or tampering of responses from external torrent APIs, allowing an attacker on the network path to inject malicious results, alter metadata, or redirect requests without detection.

Vague Triggers

High
Confidence
95% confidence
Finding
The invocation examples directly map ordinary user requests like '帮我找《XXX》的下载资源' ("Help me find download resources for 《XXX》") to a skill that searches pirate torrent indexes and returns magnet links. Because these examples are broad and natural-language friendly, they lower friction for copyright infringement and make it easy to trigger the skill in contexts that appear to request illegal downloads.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The disclaimer discusses legality and copyright but omits that using the skill sends queries to third-party torrent indexes, potentially exposing user IP, search terms, and interest patterns. In a torrent-search context, this omission is more dangerous because users may reasonably expect a simple lookup tool, not realize the privacy sensitivity of querying pirate-adjacent services, and fail to take protective measures.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The manifest description is overly broad and frames the skill as a general-purpose magnet/torrent search tool without meaningful scope restrictions, safety boundaries, or compliance constraints. In this context, that is risky because the listed APIs are well-known public torrent indexes frequently used to locate copyrighted content, so broad invocation criteria can cause the agent to route users into high-risk piracy-related workflows.

VirusTotal

64/64 vendors flagged this skill as clean.
