ClawHub

Sabnzbd

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it says, but its helper script has an unsafe URL-handling bug that could let a crafted input run local code.

Review before installing. Only use it with a SABnzbd instance and API key you control, keep the credential file private, and avoid passing untrusted or unusual URL strings to the add command until the URL encoding bug is fixed. Confirm any delete, purge, or delete-history action before allowing an agent to run it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README instructs users to place a long-lived SABnzbd API key in a plaintext config file and also suggests exporting it as an environment variable, without any security guidance. If the file permissions are weak, the home directory is backed up/shared, shell history is captured, or environment variables are exposed to other local processes, the API key could be stolen and used to control SABnzbd, including adding or deleting jobs and viewing history.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documented queue operations include destructive commands such as delete and purge, including an option to delete files, without any warning, guardrail, or confirmation requirement. In this context, the skill manages live download jobs, so accidental or socially engineered use could interrupt downloads, remove queued work, or delete associated files.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The history section documents deleting history entries without warning that this removes operational records and may be irreversible. While less severe than deleting queued jobs or files, it can still impair auditability, troubleshooting, and user awareness of prior download outcomes.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal