Moviepilot

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent MoviePilot integration, but its helper script can execute unintended local code when given crafted search text, so it should be reviewed before use.

Install only if you trust the MoviePilot server and can review or patch the helper script first. Use environment variables for credentials, avoid passing untrusted titles or keywords until the python3 -c encoding pattern is fixed, and require explicit confirmation before adding, updating, refreshing, or deleting subscriptions.
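The overview refers to a "python3 -c encoding pattern" in the helper script. The script below is an added illustration of that class of bug and is not the skill's own code: it shows a URL-encoding helper that splices the search text into the Python program string (so quote and parenthesis characters in a title change what the interpreter runs) beside a hardened form that passes the title as an argv element. The function names and the crafted input are constructed for this example.

```shell
# Added illustration of an unsafe vs. a safe `python3 -c` URL-encoding helper.
# Not the MoviePilot skill's code; names and inputs are constructed here.

# Vulnerable: "$1" becomes part of the Python source text, so a title
# containing ')' and quote characters rewrites the program.
urlencode_vulnerable() {
  python3 -c "import urllib.parse; print(urllib.parse.quote('$1'))"
}

# Hardened: the Python source is a fixed single-quoted literal and the title
# travels in sys.argv, where it is only ever data. safe="" also encodes '/'
# so the result can be embedded in a query parameter value.
urlencode_safe() {
  python3 -c 'import sys, urllib.parse; print(urllib.parse.quote(sys.argv[1], safe=""))' "$1"
}

# Constructed hostile "title": closes the quote() call, runs an extra
# statement, then reopens syntax so the resulting program still parses.
CRAFTED="x')); print('INJECTED'); print(('y"

echo '--- benign title, both helpers agree ---'
urlencode_vulnerable 'Dune: Part Two'
urlencode_safe 'Dune: Part Two'
echo '--- crafted title: vulnerable helper executes the injected statement ---'
urlencode_vulnerable "$CRAFTED"
echo '--- crafted title: safe helper just encodes it ---'
urlencode_safe "$CRAFTED"
```

The check a reviewer should apply to the real helper is the same one this contrast shows: any untrusted string that appears inside the quotes of `python3 -c "..."` is code, not data, and the fix is to move it to an argument (or use `--` plus `sys.argv`, or a heredoc read from stdin), never to escape it by hand.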

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Severity: Low
Confidence: 83%
Finding
The documentation adds torrent-resource searching, which goes beyond the stated manifest scope of searching/subscribing/managing MoviePilot media tasks. Scope expansion is dangerous because it can trigger behavior users and reviewers did not expect, and resource search may surface risky or policy-sensitive content.

Description-Behavior Mismatch

Severity: Low
Confidence: 79%
Finding
Including a login/token acquisition action in the script reference expands the skill into credential handling and session establishment beyond the manifest's user-facing purpose. This increases the risk of secret collection and misuse because the skill may prompt for usernames/passwords or manipulate tokens without clear scope disclosure.

Vague Triggers

Severity: Medium
Confidence: 72%
Finding
An overly broad trigger phrase can cause the skill to activate for loosely related or unrelated requests, increasing the chance of unintended tool use. In a skill with shell and network capabilities, accidental invocation can lead to unnecessary external calls or state-changing subscription actions.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The documentation instructs collection/use of API keys or bearer tokens but does not warn about sensitive credential handling, storage, or exposure risks. Because the skill performs authenticated API operations, mishandled secrets could allow unauthorized access to the user's MoviePilot instance and account actions.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
The API reference documents delete, stop, and other state-changing endpoints without any warning that they are destructive or operationally sensitive. In an agent/tooling context, this increases the chance that an LLM or integrator will invoke irreversible actions without confirmation, causing unintended cancellation of subscriptions or deletion of downloads.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The documentation recommends passing API keys and tokens in query parameters. Query strings are routinely recorded in browser history, server and proxy access logs, monitoring tools, and Referer headers sent to third parties, so a credential placed there is copied into places the user never intended. Sending it in an Authorization header avoids that exposure with no loss of function.
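The three "Missing User Warnings" findings above (credentials handled without guidance, destructive endpoints documented without a confirmation step, and tokens passed in query parameters) can be addressed together by the wrapper below. It is an added example, not code from the skill or from MoviePilot: it reads the token from the environment, sends it only in an Authorization header, refuses any request path that carries a credential in its query string, and refuses non-GET (state-changing) requests unless the caller passes an explicit confirmation. The environment variable names `MOVIEPILOT_URL`, `MOVIEPILOT_TOKEN` and `MP_DRY_RUN`, the `/api/v1/...` paths, and the bearer-token scheme are assumptions made for the example.

```shell
# Added example wrapper for authenticated MoviePilot calls. Not the skill's
# own code; MOVIEPILOT_URL, MOVIEPILOT_TOKEN, MP_DRY_RUN and the example
# paths are hypothetical names chosen here.

# Succeeds (exit 0) if the path carries a credential-looking query parameter.
credential_in_query() {
  printf '%s' "$1" | grep -Eiq '[?&](token|apikey|api_key)='
}

# mp_request METHOD PATH [yes]
#   Sends the request with the token in an Authorization header.
#   Exit 2: credential smuggled in the query string.
#   Exit 3: state-changing method without explicit "yes" confirmation.
mp_request() {
  method=$1
  path=$2
  confirmed=${3:-no}
  : "${MOVIEPILOT_URL:?set MOVIEPILOT_URL to the server base URL}"
  : "${MOVIEPILOT_TOKEN:?set MOVIEPILOT_TOKEN instead of passing it as an argument}"

  if credential_in_query "$path"; then
    echo "refusing: credential in query string of $path" >&2
    return 2
  fi
  if [ "$method" != GET ] && [ "$confirmed" != yes ]; then
    echo "refusing: $method $path changes state; pass 'yes' to confirm" >&2
    return 3
  fi
  if [ "${MP_DRY_RUN:-0}" = 1 ]; then
    # Show what would be sent; the token value itself is never echoed.
    printf '%s %s%s Authorization: Bearer <redacted>\n' "$method" "$MOVIEPILOT_URL" "$path"
    return 0
  fi
  curl -sS -X "$method" -H "Authorization: Bearer $MOVIEPILOT_TOKEN" "$MOVIEPILOT_URL$path"
}

# Dry-run walkthrough with constructed values.
MOVIEPILOT_URL=http://moviepilot.local:3000
MOVIEPILOT_TOKEN=example-token-not-real
MP_DRY_RUN=1
export MOVIEPILOT_URL MOVIEPILOT_TOKEN MP_DRY_RUN

mp_request GET /api/v1/subscribe/                       # allowed
mp_request GET '/api/v1/search?apikey=abc' || true      # refused, exit 2
mp_request DELETE /api/v1/subscribe/42 || true          # refused, exit 3
mp_request DELETE /api/v1/subscribe/42 yes              # allowed, confirmed
```

In an agent integration the `yes` argument should be supplied only after the user has been shown the exact method and path and has agreed; the wrapper deliberately has no way to confirm by default.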

VirusTotal

66/66 vendors flagged this skill as clean.
