Qbittorrent Api

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only qBittorrent API skill whose risky parts are disclosed and purpose-aligned, though its credential examples and mutating API guidance should be handled carefully.

Install only if you want an agent to help operate your qBittorrent Web API. Replace all sample credentials, keep `.env` out of version control, avoid letting the skill inspect unrelated secrets, and require explicit confirmation before deleting torrents or files, using `hashes=all`, shutting down qBittorrent, changing global preferences, or installing/removing search plugins.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium (95% confidence)
Finding
The skill explicitly instructs the agent to read secrets from local `.env` and `CLAUDE.md` files before performing actions. That expands the skill from API usage guidance into credential discovery and secret handling, which is risky because it encourages collection of local sensitive data not strictly necessary unless the user has explicitly authorized it.

Context-Inappropriate Capability

Medium (98% confidence)
Finding
The script template contains fallback defaults for `QB_URL`, `QB_USER`, and `QB_PASS`, including a hardcoded admin username and plaintext password. Hardcoded credentials are dangerous because they can be reused unintentionally, normalize insecure secret handling, and may lead to unauthorized access if copied into real environments.

Vague Triggers

Medium (84% confidence)
Finding
The README describes very broad activation conditions such as adding torrents, checking status, and qBittorrent automation without clearly constraining when the skill should be invoked or requiring explicit confirmation before state-changing actions. In an agent setting, this increases the chance the skill is triggered for ambiguous requests and performs networked or download-management actions the user did not intend.

Missing User Warnings

Medium (88% confidence)
Finding
The README includes examples for adding torrents, pausing downloads, and setting filesystem save paths, but does not prominently warn that these actions modify application state, consume bandwidth/storage, and can affect local filesystems. In an autonomous or semi-autonomous agent workflow, omission of such warnings can lead to unintended operational impact if examples are copied or actions are inferred from natural-language prompts.

Missing User Warnings

Medium (97% confidence)
Finding
The examples show plaintext qBittorrent credentials directly in a `.env` snippet, including an obvious password value. Even if illustrative, publishing usable secret patterns without safety warnings encourages insecure storage, accidental commits, and credential leakage through logs, screenshots, or copied examples.

VirusTotal

66/66 vendors flagged this skill as clean.
