Sabnzbd
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: sabnzbd
Version: 1.0.0

The skill is designed to manage SABnzbd downloads via its REST API. It reads API credentials from a standard OpenClaw configuration path (`~/.clawdbot/credentials/sabnzbd/config.json`) or environment variables and uses `curl` to interact with the specified SABnzbd instance. The `SKILL.md` and `README.md` files provide clear, benign instructions for the agent and user, without any evidence of prompt injection attempts or instructions to perform unauthorized actions. The `sab-api.sh` script's functionality is entirely aligned with SABnzbd management, including adding local NZB files, which is a legitimate function, not an attempt at arbitrary file exfiltration. No malicious execution, persistence mechanisms, or unauthorized data exfiltration attempts were found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent adds a maliciously crafted NZB/indexer URL, code could run on the user's machine with the agent's local permissions.
The first command argument is inserted into Python source code instead of being passed as data. A URL containing a single quote and Python syntax could break out of the string and run commands locally.
```
cmd_add() {
    local url="$1"; shift
    ...
    encoded_url=$(python3 -c "import urllib.parse; print(urllib.parse.quote('$url', safe=''))")
```
Do not use add-by-URL with untrusted URLs until this is fixed. The script should pass the URL as an argument, for example `python3 -c 'import sys, urllib.parse; print(urllib.parse.quote(sys.argv[1], safe=""))' "$url"`, and should validate allowed URL schemes.
An accidental or ambiguous request could remove downloads or clear the queue if the agent chooses a destructive command.
The skill exposes SABnzbd queue actions that can remove queued jobs and optionally delete files. This matches download management, but it is high-impact enough to require careful user intent.
```
./scripts/sab-api.sh delete <nzo_id> --files  # Delete files too
./scripts/sab-api.sh purge                    # Clear queue
```
Require explicit user confirmation before `delete --files`, `purge`, `delete-history --files`, or other destructive queue-wide actions.
Anyone or any agent action using this key can view and mutate SABnzbd queue/history state according to the API key's privileges.
The skill requires a SABnzbd API key, which is expected for this integration but gives the skill authority to control the configured SABnzbd server.
Config: `~/.clawdbot/credentials/sabnzbd/config.json`
```
{
  "url": "http://localhost:8080",
  "apiKey": "your-api-key-from-config-general"
}
```
Store the API key with restrictive file permissions, use a local or trusted SABnzbd URL, and rotate the key if it may have been exposed.
The skill may fail or behave differently on systems without those tools, and users may not see the dependency requirements before installing.
The included helper script depends on jq, curl, and python3, while the registry requirements declare no required binaries. This is an operational metadata gap rather than hidden installation behavior.
```
SAB_URL=$(jq -r '.url // empty' "$CONFIG_FILE")
...
curl -sS "$url"
...
encoded_url=$(python3 -c
```
Declare jq, curl, and python3 as required binaries or document the dependency expectations in the registry metadata.
