Back to skill

Security audit

1lou Search

Security checks across malware telemetry and agentic risk

Overview

This looks like a personal media-download helper, but it exposes a qBittorrent password and gives agents control over a private download server.

Only use this in a private, controlled environment after removing and rotating the embedded qBittorrent password. Configure credentials through a secret store or prompt-time input, restrict downloads to a dedicated temp folder, confirm every torrent and destination path, and add clear controls to view and delete the watchlist.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The skill advertises a manual search-and-download function, but it also persists a drama watchlist and enables future tracking behavior via a local JSON file. This expands the skill from one-time user-directed actions into ongoing stateful monitoring, which increases privacy and system-impact risk and can lead to actions the user did not explicitly request each time.

Intent-Code Divergence

Medium
Confidence
81% confidence
Finding
The documentation strongly constrains network access to a fixed set of 1lou domains during availability checks, but later instructs the agent to authenticate to and control a separate qBittorrent host on the local network. That discrepancy can mislead reviewers and users about the actual network reach of the skill, reducing transparency around internal service access and download execution.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill contains hardcoded credentials, performs authenticated network operations, downloads files, and writes to specific filesystem paths without any explicit warning about security, privacy, or operational impact. This is dangerous because anyone with access to the skill file can recover the qBittorrent credentials and use them to manipulate the download service or learn sensitive details about the local environment.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.