TorrentClaw

Security checks across malware telemetry and agentic risk

Overview

TorrentClaw openly searches torrents and can add a selected magnet to local torrent software; I found no hidden malicious behavior, but downloads and tracking have real privacy, legal, and system-impact risks.

Install only if you want your agent to send media/torrent searches to TorrentClaw and optionally interact with Transmission or aria2. Confirm the exact torrent, file size, legality, and download location before allowing any add or download action, and use an API key only if you need higher rate limits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding
The skill declares no permissions while clearly instructing the agent to execute shell commands, perform network requests, and invoke local scripts that can inspect the host and modify local torrent clients. This permission gap is dangerous because it hides system-impacting capabilities from policy and user review, increasing the chance of unconsented command execution.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 85%
Finding
The documented behavior goes beyond simple torrent search by probing the local environment, detecting installed clients/OS details, and initiating local download actions. A description-behavior mismatch is risky because reviewers and users may approve the skill for passive search while it actually performs host reconnaissance and state-changing actions.

Vague Triggers

Medium
Confidence: 92%
Finding
The README encourages invocation via ordinary conversational requests like 'Find me Inception in the best quality' and 'Search for sci-fi movies from 2023 in 4K,' which are broad enough to overlap with normal user chat. In agent environments that auto-route skills from natural language, this increases the chance of unintended activation of a torrent-searching and download-capable skill, especially because the skill can progress from search to client interaction.

Missing User Warnings

Medium
Confidence: 95%
Finding
The README advertises that the skill can detect local torrent clients and add magnet links directly, but it does not warn that this causes a system-modifying side effect on the user's machine or local services. In the context of a torrent skill, this is more dangerous because accidental activation can immediately enqueue downloads, create legal/privacy exposure, consume bandwidth/storage, and interact with locally running services without an explicit informed consent step.

Vague Triggers

Medium
Confidence: 78%
Finding
The activation phrasing is broad enough to trigger on ordinary media-related requests, increasing the chance that the skill runs in contexts where the user only wanted information, not torrent acquisition or local client interaction. Because this skill can execute shell commands and initiate downloads, overbroad triggering materially raises misuse and surprise-execution risk.

Missing User Warnings

Medium
Confidence: 86%
Finding
The skill advertises automatic torrent-client detection and starting downloads without a prominent warning or explicit opt-in before system inspection and download initiation. This is dangerous because it can alter the user's system state and network activity unexpectedly, including contacting local services and beginning potentially sensitive transfers.

Missing User Warnings

Medium
Confidence: 82%
Finding
The documentation directs the skill to send analytics and tracking data such as search-source headers and post-selection tracking without a clear privacy notice or consent flow. Even if limited, these outbound signals can reveal user interests, selected content, and usage patterns to the external service.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation provides ready-to-run commands that search for copyrighted media and directly add magnet links to local torrent clients or download .torrent files, but it includes no warning about legal risk, policy restrictions, or the operational impact of starting downloads on the user's machine. In this skill's context, that omission is more dangerous because the skill is explicitly designed to help find and download movies and TV shows, increasing the likelihood of facilitating unauthorized content acquisition and unintended local actions.

VirusTotal

66/66 vendors flagged this skill as clean.
