Overseerr

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward Overseerr integration that uses a user-supplied API key and URL for search, requests, status checks, and optional polling.

Install only if you trust the configured Overseerr instance and are comfortable granting the API key's permissions to this skill. Use search first for ambiguous titles, stop the monitor when finished, and avoid piping monitor output into shared logs if request metadata may be sensitive.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The script continuously polls the Overseerr API and emits the full request object `r` to stdout on every detected change. Request records can contain sensitive operational or personal data (such as requester identity, media details, timestamps, and other embedded fields), and sending the entire object to logs or downstream consumers increases the risk of unintended disclosure, especially in shared terminals, log collectors, or automation pipelines.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal