FeiNiu NAS Download Manager
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill matches its NAS download-management purpose, but its shell script handles NAS/qBittorrent credentials and magnet-link input in ways that could expose access or let a crafted link run commands on the NAS.
Use this only if you trust the script and intend to give it SSH access to your NAS and qBittorrent admin access. Before using the add command, fix the magnet-link quoting issue, avoid storing the qBittorrent password directly in the script, and ensure session cookies are written securely and cleaned up.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or malformed magnet link could cause the NAS to run unintended shell commands under the SSH user account.
The user-provided magnet link is interpolated into a remote shell command sent over SSH. A crafted value containing shell quote characters could break out of the intended curl argument and execute commands on the NAS.
ssh $NAS_HOST "... curl ... -X POST http://localhost/api/v2/torrents/add -d 'urls=$2'"
Do not pass untrusted input through a remote shell. Send the magnet link via stdin or a safely quoted argument, use curl --data-urlencode, validate allowed characters, and require explicit user confirmation before adding downloads.
The qBittorrent password or session cookie may be exposed to local or NAS-side process listings or other users with access to the temporary file, enabling unauthorized qBittorrent actions.
The script expects the qBittorrent password to be placed in the script and then embeds it in shell command arguments while creating a session cookie in a fixed temporary path.
QBT_PASSWORD="your_password" ... -d 'username=admin&password=$QBT_PASSWORD' -c /tmp/qbt_cookie
Use a safer credential mechanism such as an environment variable or secret store, avoid putting passwords in command arguments, create cookies with mktemp and restrictive permissions, and delete the cookie after each operation.
Installation may fail or behave differently depending on what tools are present, and users have limited provenance information beyond the included script.
The skill has no source or homepage provenance and does not declare required binaries, even though the included script depends on external command-line tools.
Source: unknown; Homepage: none; Required binaries (all must exist): none
Inspect the script before use, verify it came from a trusted publisher, and ensure required tools such as ssh, scp, curl, and python3 are available.
