Qbittorrent

Security checks across malware telemetry and agentic risk

Overview

This is a coherent qBittorrent management skill, but it needs review because it can delete torrent data and stores a reusable WebUI session cookie in a predictable temporary file.

Install only if you intend to let the agent control your qBittorrent WebUI. Use a strong non-default WebUI password, prefer localhost or HTTPS, protect the config file, override QBIT_COOKIE to a private 0600 path if possible, and require explicit confirmation before delete, delete --files, all-target, preferences, or speed-limit changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill exposes shell-capable operations but does not declare any permissions, which hides its true execution capabilities from reviewers and policy enforcement. Even though the documented purpose is qBittorrent management, using shell without explicit permission metadata increases the risk of unexpected command execution and weakens least-privilege controls.

Tp4

High
Category
MCP Tool Poisoning
Confidence
87% confidence
Finding
The declared description understates the full set of supported operations, including preference reads, tracker inspection, tag/category changes, rechecks, and global speed limit changes. This mismatch can mislead users and security reviewers about the skill's actual authority, making higher-impact administrative actions easier to trigger without informed consent.

Description-Behavior Mismatch

Medium
Confidence
82% confidence
Finding
The script exposes administrative capabilities beyond basic torrent lifecycle management, including reading full application preferences and changing global speed limits. In an agent context, this expands the skill's authority and can disclose sensitive configuration or alter service-wide behavior in ways a user may not expect from the manifest description.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill documents destructive deletion, including deleting torrent data files, without any warning, confirmation, or safety guidance. In this context, torrent payloads may represent large or hard-to-replace datasets, so a mistaken or manipulated invocation can cause immediate irreversible data loss.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The qBittorrent session cookie is persisted to a predictable file under /tmp, which increases the chance of session theft or misuse by other local processes if file permissions or cleanup are not tightly controlled. In an automation environment, retaining reusable admin session state on disk broadens the attack surface beyond the lifetime of a single command.

VirusTotal

64/64 vendors flagged this skill as clean.
