ClawHub

Radarr Fixed

Security checks across malware telemetry and agentic risk

Overview

This Radarr helper is not malicious, but it deserves review because it can delete media files and make persistent Radarr collection-monitoring changes that are not fully clear from the headline description.

Install only if you trust this skill with a Radarr API key and are comfortable with it modifying your Radarr library. Treat remove and --delete-files as destructive, and review add-collection carefully because it can enable future automatic collection additions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill documents execution of shell commands (`bash scripts/radarr.sh ...`) but the manifest does not declare corresponding permissions/capabilities. This creates a transparency and policy-enforcement gap: a reviewer or runtime relying on declared permissions may underestimate what the skill can do, while the shell access can trigger state-changing actions against Radarr.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The declared description says the skill searches for and adds movies, but the interface also exposes removal, optional file deletion, config inspection, existence checks, and collection metadata operations. This mismatch is security-relevant because users or automated allowlisting may approve the skill for low-risk library additions while it actually includes destructive and broader administrative actions.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The manifest description omits the documented ability to remove movies, including an option to delete files. Hiding or failing to disclose destructive functionality weakens informed consent and can cause users to invoke or approve the skill under the false assumption that it is add/search-only.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill metadata says it searches and adds movies, but the script also supports removing movies and optionally deleting their files. This is a capability mismatch that can mislead users or higher-level agents into invoking destructive behavior they did not expect, creating a real risk of data loss.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The add-collection flow does more than add current movies: it also enables collection monitoring and searchOnAdd for future releases. That persistent behavior change is not disclosed in the skill description, so users may unknowingly authorize ongoing automatic additions beyond the immediate request.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The remove command performs an immediate DELETE against Radarr and can optionally delete media files without any confirmation prompt, dry-run, or secondary safeguard. In an agentic context, a mistaken parameter, prompt misunderstanding, or malicious instruction could cause irreversible deletion of library items and files.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal