ClawHub

Sonarr Fixed

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Sonarr control wrapper, but it can remove shows and optionally delete media files if an agent is allowed to run those commands.

Install only if you want an agent to manage your Sonarr library using your Sonarr API key. Confirm every remove action yourself, and treat --delete-files as destructive because it can delete associated media files through Sonarr.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill explicitly instructs users to run shell commands (`bash scripts/sonarr.sh ...`) but does not declare corresponding permissions/capabilities in its manifest. This creates a transparency and policy-enforcement gap: a reviewer or runtime may underestimate what the skill can do, even though it can invoke local scripts that interact with external services and potentially modify state.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The declared purpose says the skill searches for and adds TV shows, but the documented commands also support existence checks, configuration enumeration, removal, and optional file deletion. This mismatch is dangerous because it hides destructive capabilities behind a narrower description, increasing the chance that users or automated systems authorize the skill without realizing it can remove media and delete files.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill metadata and description omit the documented removal capability, including an option to delete files. Omitting destructive behavior from the manifest weakens informed consent and security review, because consumers may treat the skill as read/add-only when it can also perform irreversible state changes.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill metadata says it searches and adds TV shows, but the script also implements a remove command that can delete series and, with --delete-files, remove associated media files from Sonarr-managed storage. This hidden destructive capability increases the risk of user deception, unsafe agent invocation, and unintended data loss because consumers of the skill are not informed that deletion is possible.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The remove path performs an irreversible DELETE request and supports deleteFiles=true without any interactive confirmation, secondary flag validation, or safety interlock at execution time. In an agent setting, a mistaken parameter, prompt injection, or user misunderstanding could immediately remove shows and optionally erase files, causing avoidable data loss.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal