v0.1.0

Qbittorrent Api

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:06 AM.

Analysis

The skill is mostly a coherent qBittorrent API reference, but it includes an unsafe `.env` sourcing pattern and gives the agent high-impact qBittorrent control using local credentials.

Guidance: Review before installing. Only use it with a qBittorrent instance you control, do not copy the sample password, avoid storing secrets in `CLAUDE.md`, replace `source .env` with safe key parsing, protect or remove the cookie file, and require explicit confirmation for delete, shutdown, bulk, settings, and path-changing actions.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
source .env 2>/dev/null || true

The documented authentication pattern shell-sources the project `.env` file before API use. Sourcing a file executes shell content from that file, which is broader than safely parsing `QB_URL`, `QB_USER`, and `QB_PASS`.

User impact: A malicious or malformed `.env` file in the project could run shell commands when the user only intended to load qBittorrent connection settings.
Recommendation: Do not `source` project `.env` files. Parse only the required keys safely, or require the user to export the variables in a trusted shell before using the skill.
Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
SKILL.md
Delete torrent | `/delete` | POST | `hashes`, `deleteFiles` ... Shutdown | `/shutdown` | POST

The skill documents raw qBittorrent API operations that can delete torrents and files or shut down the application. These actions fit the stated purpose, but they are high-impact.

User impact: If invoked carelessly, the agent could remove downloaded files, alter download behavior, or shut down qBittorrent.
Recommendation: Require explicit user confirmation before delete, shutdown, bulk pause/resume, settings, path, RSS, tracker, or file-moving operations.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
QB_USER="admin"; QB_PASS="123123" ... COOKIE_FILE="/tmp/qb_cookies.txt"

The skill uses qBittorrent credentials and stores an authenticated cookie file. This is expected for the Web API, but it grants control over the configured qBittorrent instance and the registry metadata declares no primary credential.

User impact: Anyone with access to the credentials or cookie may be able to control the qBittorrent Web API for that instance.
Recommendation: Use a strong non-example password, restrict access to the `.env` and cookie file, avoid committing credentials, and scope the qBittorrent account to the minimum needed access.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
Priority order: 1. `.env` file in the project directory (default) 2. project `CLAUDE.md` file 3. ask the user to provide it

The skill allows qBittorrent connection configuration to come from `CLAUDE.md`, which is also a persistent project instruction/context file.

User impact: Storing API connection details in project instructions can make them persist across tasks or allow project content to steer which qBittorrent server the agent controls.
Recommendation: Keep secrets and connection settings in a protected `.env` or approved secret store, not in `CLAUDE.md`; verify the target URL before performing actions.