Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

FeiNiu NAS Download Manager

v1.0.0

Manage qBittorrent download tasks on 飞牛NAS - list torrents and add magnet links

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
View report →
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description match the code: the script uses SSH plus the qBittorrent API to list and add torrents. However, the registry metadata declares no required credentials or binaries, even though the script clearly depends on ssh, scp, curl and python3 and needs SSH access to the NAS plus the qBittorrent password. Those undeclared dependencies are a coherence concern.
Instruction Scope
SKILL.md instructs the agent to run the bundled script and to edit variables inside it. The instructions do not ask it to read unrelated files or to contact any external service beyond the NAS. However, at runtime the script implicitly uses the user's SSH keys (via ssh/scp) and sends the qBittorrent password to the NAS; SKILL.md does not declare these credentials or describe how they are provided securely.
Install Mechanism
No install spec; this is an instruction-only skill with a single script file. Nothing is downloaded from external URLs, and nothing in the install step writes system-wide files outside the skill folder, so install risk is low.
Credentials
The skill declares no required environment variables or primary credential, yet the script requires SSH key access to the NAS and a qBittorrent password (QBT_PASSWORD), which is currently hard-coded in the script. Requiring these secrets without declaring them is disproportionate and increases the risk of accidental credential exposure.
Persistence & Privilege
always is false, and the skill does not request system-wide changes or modify other skills. Autonomous invocation is allowed (the platform default); this is normal on its own, but combined with the undeclared credentials it increases the potential impact if the agent invokes the skill without explicit user consent.
What to consider before installing

- The script does what it says (contacts your NAS over SSH and controls qBittorrent), but it needs access to your SSH keys and your qBittorrent password. The skill metadata does not declare these requirements; treat that as a red flag.
- Inspect and edit nas-download.sh yourself before use: change the hard-coded QBT_PASSWORD and NAS_HOST to safe values, or better, modify the script to read the password from a protected environment variable or a prompt rather than storing it in plaintext.
- Ensure ssh, scp, curl and python3 exist, and that your SSH keys are locked and only used intentionally. Running the script will use whatever SSH credentials the environment provides (SSH agent or ~/.ssh keys).
- Do not enable autonomous invocation unless you trust the skill owner and have removed plaintext credentials; consider restricting the skill to user-invoked only.
- If you accept the skill, verify the NAS host/IP is correct and that the script's network actions are limited to that host (it only uses SSH to the NAS and curl to the local qBittorrent socket on the NAS). If you need stronger assurance, run the script locally yourself (not via an agent) after auditing it.
- If anything is unclear (why credentials aren't declared, who published the skill), prefer not to install, or ask the publisher for clarification.
