Skill v1.0.0
ClawScan security
Pt Site · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 28, 2026, 6:26 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's behavior broadly matches its stated purpose (searching/downloading torrents and adding them to qBittorrent), but there are several inconsistencies and missing declarations around where credentials come from and which helper tools and scripts are required.
- Guidance: This skill largely does what it says (search a NexusPHP tracker, download .torrent files, add them to qBittorrent), but there are practical and privacy concerns you should address before installing:
  - Confirm where your tracker credentials/cookies will be stored. SKILL.md and the script expect ~/.clawdbot/credentials/pt-site/sites.json containing cookie values (c_secure_uid / c_secure_pass). Those are the tracker's session-authentication tokens; only use this skill with trackers you trust, and store the file with restrictive permissions (chmod 600).
  - The skill metadata does not declare required config paths or binaries. The included script requires jq, the instructions call curl, and they invoke a qBittorrent helper script (./scripts/qbit-api.sh) that is not bundled. Install jq and make sure qbit-api.sh exists and is trustworthy before running the skill.
  - Review the qbit-api.sh helper and any other referenced scripts (not provided here) to confirm they do not exfiltrate secrets or send data to unexpected endpoints.
  - Because the skill sends the authentication cookies in HTTP request headers, they are only as private as the transport: check that the tracker URL uses https, and avoid running this through untrusted proxies or on untrusted networks.
  - For higher assurance, ask the skill publisher for a homepage or source repository, request that required config paths and binaries be declared in the metadata, and ask for the qBittorrent helper (or its integration details) so you can audit all code that will run.
  If the author supplies an explicit list of required binaries (jq, curl), declares the credential file path in metadata, and either bundles or documents the qBittorrent helper, confidence in this skill would increase. Without those clarifications, treat the skill as coherent but sloppy and proceed cautiously.
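The checks in the guidance above, as an added shell example; it is not part of the skill and not ClawHub's scanner code. It takes the credential path, the cookie names and the helper path ./scripts/qbit-api.sh from this report. The tracker host passed to `audit`, the CRED_FILE/HELPER overrides and the helper script it inspects are assumptions for illustration. It verifies that the cookie file is mode 600, that jq and curl are on PATH, that the helper is present, lists every host the helper contacts other than the tracker, and flags plain http:// URLs that would send the Cookie header in clear.

```shell
#!/bin/sh
# Pre-install audit for the "Pt Site" skill (added example, not shipped with
# the skill). Paths and cookie names come from the scanner report; the
# allowed-host argument and the CRED_FILE/HELPER overrides are assumptions.

CRED_FILE="${CRED_FILE:-$HOME/.clawdbot/credentials/pt-site/sites.json}"
HELPER="${HELPER:-./scripts/qbit-api.sh}"

# mode_ok FILE: succeed only if FILE is a regular file readable and writable
# by its owner alone (the chmod 600 the report asks for). Parsing ls output
# keeps this portable across GNU and BSD userlands.
mode_ok() {
  [ -f "$1" ] || return 1
  [ "$(ls -ld "$1" | cut -c2-10)" = "rw-------" ]
}

# missing_bins NAME...: print each required binary not found on PATH;
# succeed only if none are missing.
missing_bins() {
  rc=0
  for b in "$@"; do
    command -v "$b" >/dev/null 2>&1 || { echo "$b"; rc=1; }
  done
  return $rc
}

# foreign_hosts SCRIPT ALLOWED_HOST: print every host that appears in an
# http(s) URL inside SCRIPT other than ALLOWED_HOST; succeed only if none.
foreign_hosts() {
  hosts=$(grep -oE 'https?://[A-Za-z0-9._-]+' "$1" | sed 's#https\{0,1\}://##' | sort -u)
  rc=0
  for h in $hosts; do
    [ "$h" = "$2" ] || { echo "$h"; rc=1; }
  done
  return $rc
}

# plain_http SCRIPT: succeed if SCRIPT builds any http:// (not https://) URL,
# i.e. a request whose Cookie header would travel in clear.
plain_http() {
  grep -qE 'http://' "$1"
}

# audit TRACKER_HOST: run every check; print FAIL/WARN lines; succeed only
# if nothing failed (a WARN alone does not fail the audit).
audit() {
  status=0
  mode_ok "$CRED_FILE" || { echo "FAIL: $CRED_FILE must exist with mode 600"; status=1; }
  m=$(missing_bins jq curl) || { echo "FAIL: missing binaries: $m"; status=1; }
  if [ -f "$HELPER" ]; then
    f=$(foreign_hosts "$HELPER" "$1") || { echo "FAIL: $HELPER contacts: $f"; status=1; }
    plain_http "$HELPER" && echo "WARN: $HELPER uses plain http://"
  else
    echo "FAIL: $HELPER is not bundled; obtain and review it first"; status=1
  fi
  return $status
}

# Usage: sh audit.sh tracker.example.org (hostname of the PT site you use)
if [ -n "${1:-}" ]; then
  audit "$1"
fi
```

The endpoint check is deliberately crude (a literal URL grep); a helper that assembles its target from variables or base64 will pass it, so treat a clean result as a reason to read the script, not a substitute for reading it.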
Review Dimensions
- Purpose & Capability [note]: Name/description (search NexusPHP PT sites, download .torrent, add to qBittorrent) aligns with the instructions and the included script. However, the skill expects and instructs use of a local credentials file (~/.clawdbot/credentials/pt-site/sites.json) containing authentication cookies and references an external qBittorrent helper script (./scripts/qbit-api.sh) that is not included. Both are reasonable for this purpose but were not declared in the metadata (no required config paths or binaries listed).
- Instruction Scope [concern]: SKILL.md explicitly instructs the agent to load sensitive cookies from ~/.clawdbot/credentials/pt-site/sites.json and to send them in HTTP requests (curl -H 'Cookie: ...'). The included script reads the same file. The skill does not instruct any exfiltration beyond contacting the PT site, but the credential file path is referenced in the instructions even though the skill metadata declares no required config paths. The skill also references invoking browser/web_fetch and a qBittorrent helper script not bundled here.
- Install Mechanism [ok]: No install spec (instruction-only) and only a small helper script are included; there are no remote downloads or package installs. This is low risk from an installation perspective.
- Credentials [concern]: The skill requests no environment variables, but it requires access to a local credentials file that contains authentication cookies (sensitive secrets). This config path was not declared in the skill's metadata. The script also depends on jq (and expects curl and a qBittorrent helper), but the registry metadata lists no required binaries. That mismatch can lead to unexpected behavior or accidental exposure of secrets if users are unaware.
- Persistence & Privilege [ok]: The skill is not marked always:true and does not request persistent system-wide privileges. It does not modify other skills or system settings. Autonomous invocation is allowed (the default), which is normal.
