emby-manager

Security checks across malware telemetry and agentic risk

Overview

This Emby administration skill is coherent, but it asks for broad API-key access and can expose private server, user, viewing, IP, and log data with limited credential-safety guidance.

Install only if you intend to let the agent administer your Emby server. Use a limited or temporary API key if possible, avoid sharing logs or viewing-history details unnecessarily, confirm any delete, restart, scan, or permission change carefully, and rotate the key after use if it was pasted into chat.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Vague Triggers

High
Confidence
96% confidence
Finding
The skill explicitly mandates invocation for nearly any Emby-related mention, including vague conversational phrases. That broad routing can cause the agent to enter a privileged admin workflow unexpectedly, increasing the chance of unnecessary credential collection, disclosure of server state, or execution of sensitive management actions when the user did not clearly intend administration.

Vague Triggers

Medium
Confidence
90% confidence
Finding
Single-word triggers like '扫描' or '整理' are ambiguous and can match ordinary conversation outside a clear Emby administration context. In a skill that can enumerate libraries and trigger backend jobs, ambiguous triggers increase accidental invocation and unintended operations.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The permissions module uses generic terms such as '用户' and '权限', which can collide with unrelated account-help requests. Because this module can inspect or change user policies, accidental routing could expose account status or lead to unauthorized-seeming administrative actions.

Vague Triggers

Medium
Confidence
89% confidence
Finding
Generic monitoring terms like '状态' and '健康' are too broad and can be triggered by ordinary requests unrelated to Emby. In this context, accidental invocation may still reveal operational details such as logs, active sessions, and system information that the user did not clearly request.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill is designed to surface sensitive operational and personal data, including usernames, IP addresses, activity history, admin status, and account state, but it provides no user-facing privacy warning or minimization guidance. In a home NAS/media-server context, this can expose household viewing behavior and account details more broadly than users expect.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The guide explicitly recommends sending the Emby API key in the query string as the simplest authentication method. Query-string credentials are commonly exposed through browser history, reverse-proxy and web-server logs, referrer leakage, shell history, monitoring tools, and shared URLs, so documenting this as the default approach normalizes an insecure practice for a NAS/media-server management skill.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The guide explicitly tells users to provide a server address and API key so Claude can perform health checks, but it gives no warning about credential handling, scoping, redaction, or the sensitivity of the returned data. In this skill context, that is meaningfully risky because Emby API keys can grant broad access to server state, sessions, logs, and media metadata, so encouraging users to hand the key to an agent increases the chance of credential exposure and overcollection.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The troubleshooting steps recommend retrieving server logs via authenticated API calls without warning that logs often contain sensitive operational details such as internal paths, usernames, device information, plugin errors, or tokens. In an Emby management skill, this is more dangerous than generic documentation because the agent is positioned to fetch and inspect those logs directly, increasing the risk of unnecessary disclosure to the model or downstream systems.

Ssd 3

Medium
Confidence
97% confidence
Finding
The instruction to remember the server address and API key for the entire conversation encourages retention of sensitive credentials in natural-language context. That increases the risk of accidental reuse, leakage in later turns, or exposure through logs, summaries, or unrelated prompts within the same session.

VirusTotal

65/65 vendors flagged this skill as clean.
