Sabnzbd
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill is mostly aligned with SABnzbd download management, but its add-by-URL command can turn a crafted URL into local code execution.
Review this skill before installing. Its SABnzbd API-key use and queue controls are expected, but avoid using the add-by-URL feature with untrusted links until the unsafe Python URL-encoding command is fixed, and require confirmation for delete or purge operations.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent adds a maliciously crafted NZB/indexer URL, code could run on the user's machine with the agent's local permissions.
The first command argument is inserted into Python source code instead of being passed as data. A URL containing a single quote and Python syntax could break out of the string and run commands locally.
cmd_add() {
    local url="$1"; shift
    ...
    encoded_url=$(python3 -c "import urllib.parse; print(urllib.parse.quote('$url', safe=''))")
Do not use add-by-URL with untrusted URLs until this is fixed. The script should pass the URL as an argument, for example `python3 -c 'import sys, urllib.parse; print(urllib.parse.quote(sys.argv[1], safe=""))' "$url"`, and should validate allowed URL schemes.
An accidental or ambiguous request could remove downloads or clear the queue if the agent chooses a destructive command.
The skill exposes SABnzbd queue actions that can remove queued jobs and optionally delete files. This matches download management, but it is high-impact enough to require careful user intent.
./scripts/sab-api.sh delete <nzo_id> --files   # Delete files too
./scripts/sab-api.sh purge                     # Clear queue
Require explicit user confirmation before `delete --files`, `purge`, `delete-history --files`, or other destructive queue-wide actions.
Anyone, or any agent action, using this key can view and mutate SABnzbd queue/history state according to the API key's privileges.
The skill requires a SABnzbd API key, which is expected for this integration but gives the skill authority to control the configured SABnzbd server.
Config: `~/.clawdbot/credentials/sabnzbd/config.json`
{
    "url": "http://localhost:8080",
    "apiKey": "your-api-key-from-config-general"
}
Store the API key with restrictive file permissions, use a local or trusted SABnzbd URL, and rotate the key if it may have been exposed.
The skill may fail or behave differently on systems without those tools, and users may not see the dependency requirements before installing.
The included helper script depends on jq, curl, and python3, while the registry requirements declare no required binaries. This is an operational metadata gap rather than hidden installation behavior.
SAB_URL=$(jq -r '.url // empty' "$CONFIG_FILE")
...
curl -sS "$url"
...
encoded_url=$(python3 -c
Declare jq, curl, and python3 as required binaries or document the dependency expectations in the registry metadata.
