Back to skill

Security audit

Download Anything

Security checks across malware telemetry and agentic risk

Overview

This download helper is coherent, but its very broad scope, browser-cookie use, piracy-oriented source guidance, and unsafe daemon example warrant review before installation.

Install only if you intend to use command-line download tools and will limit use to content you are authorized to access. Run the installer manually, avoid exporting or reusing browser cookies unless you understand the account risk, do not run the aria2 RPC listen-all example as written, and verify files from unofficial sources before opening or installing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (17)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill invokes shell commands and bundled scripts (`bash scripts/install-toolkit.sh`, multiple `scripts/*.sh`) but does not declare permissions or boundaries for code execution. In an agent environment, this can lead to unexpected command execution, package installation, network access, and filesystem changes without explicit user or platform consent.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The file explicitly instructs users to use browser cookies to access and download members-only Bilibili content, which facilitates reuse of authenticated session data to bypass normal viewing restrictions. In a skill whose purpose is to help users find and download content broadly, this materially increases misuse risk and goes beyond benign cataloging of educational resources.

Context-Inappropriate Capability

Low
Confidence
81% confidence
Finding
Recommending `wget --mirror` to copy an entire web-based curriculum encourages bulk replication of a site rather than normal personal use of course materials. While not inherently credential-related, it can enable excessive scraping, copyright infringement, or violation of platform usage limits.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The activation criteria are extremely broad ('virtually any digital resource', 'any task involving finding or downloading digital content'), making it likely the skill will trigger for many routine requests. That increases the chance an agent will invoke downloading, torrents, or scraping workflows in contexts where they are unnecessary, risky, or contrary to policy.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill explicitly promotes downloading torrents, cloud-drive resources, ebooks, movies, TV shows, music, software, and using mirror/domain-rotation techniques, yet provides no warnings or safeguards around copyright infringement, malware, privacy leakage, or system/network impact. In this context, the breadth of content acquisition and references to resilient mirrors/search techniques make misuse substantially more likely, including piracy, unsafe software downloads, and retrieval from untrusted sources.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
This section explicitly lists shadow libraries such as Anna's Archive, Z-Library, and LibGen and gives operational guidance for locating working mirrors. In the context of a skill whose purpose is to help users download "virtually any digital resource," this materially facilitates copyright infringement and exposes users to legal, malware, phishing, and privacy risks without any warning or safer alternatives.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The Sci-Hub entry and the DOI-to-PDF workflow directly instruct users to use a piracy site first to bypass publisher paywalls. That is dangerous because it encourages unauthorized access to copyrighted material and omits warnings that such domains frequently rotate and may expose users to tracking, malicious redirects, or legal consequences.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The file recommends torrent-based audiobook and manga/comics sources without warning users about copyright liability, peer-to-peer IP exposure, and the elevated chance of downloading malicious or mislabeled files. In a skill centered on finding downloadable media, that omission makes unsafe and potentially illegal acquisition paths seem routine and endorsed.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The download tips operationalize legally risky behavior by telling users to check Anna's Archive, LibGen, and Z-Library first for textbooks and to use a Sci-Hub DOI pipeline. This goes beyond neutral reference material and actively prioritizes piracy-oriented sources, increasing the likelihood that users will obtain copyrighted content unlawfully and encounter unsafe sites.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guidance to use `--cookies-from-browser` omits any warning that browser cookies are sensitive authenticated session artifacts and that exporting or reusing them can expose account access. Without caveats, users may handle credentials unsafely or apply the method to content they are not authorized to download.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
Recommending third-party tools like `coursera-dl`, `edx-dl`, or yt-dlp for enrolled-platform content without warnings can normalize use of unofficial tooling that processes account-authenticated content and may violate platform restrictions. This creates both account-safety and policy-evasion risk in a skill already centered on downloading resources from many sources.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The document gives actionable instructions for extracting and downloading music from third-party services using tools like yt-dlp, spotDL, cloud-search resources, and workaround-style guidance, without any restriction to authorized, licensed, or user-owned content. In this skill's context—whose stated purpose is to 'download virtually any digital resource'—that omission materially increases the risk of facilitating copyright infringement and terms-of-service evasion at scale.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This section explicitly teaches users how to bypass Google Drive's large-file warning and retrieve files despite Google's safety/interstitial check, but it does not pair that guidance with warnings about malware, provenance, or trust validation. In a skill whose purpose is to help users download virtually any resource from the internet, that omission materially increases the chance of unsafe downloads and normalizes evasion of a security control.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The file documents use of browser cookies and cookie files for authenticated downloads without any warning that these credentials may grant access to private account data, paid content, or active sessions. In an agent skill focused on downloading arbitrary internet resources, this materially increases the chance that users or downstream agents will expose sensitive session data or misuse account authentication in unsafe ways.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The OAuth setup section instructs users to authorize third-party access for services like Reddit, Flickr, and Tumblr without warning that OAuth grants may expose private account data or persist beyond the immediate task. Because this skill is designed for broad resource acquisition, users may be encouraged to connect personal accounts without understanding the privacy and account-security consequences.

Missing User Warnings

High
Confidence
98% confidence
Finding
The aria2 RPC daemon example includes `--rpc-listen-all=true` and `--rpc-allow-origin-all=true`, which can expose a remotely reachable download-control interface without authentication or origin restrictions. If copied into a real environment, an attacker on the network could add, inspect, pause, or manipulate downloads, potentially turning the host into an abuse platform or enabling data exfiltration and SSRF-like fetches.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill explicitly recommends using `yt-dlp --cookies-from-browser chrome` to access members-only content, which encourages extraction and reuse of authenticated browser session material without any warning about credential sensitivity, scope, or safe handling. In an agent skill focused on downloading arbitrary internet content, this increases the chance that users or agents expose session cookies to local logs, subprocess history, or downstream services, enabling account compromise if mishandled.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.