Back to skill

Security audit

Sabnzbd

Security checks across malware telemetry and agentic risk

Overview

This SABnzbd skill mostly does what it says, but it needs Review because a crafted add-URL input can execute local code and destructive actions lack clear safeguards.

Install only if you are comfortable letting an agent control your SABnzbd instance. Keep the API key file private, prefer local/HTTPS access, confirm any delete, purge, delete-history, retry-all, or script/category change before running it, and avoid untrusted or unusual add-URL strings until the URL encoding bug is fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documents use of shell scripts and network access to a local SABnzbd REST API, but does not declare corresponding permissions. Hidden or undeclared capabilities reduce transparency and can cause an agent to invoke networked or shell-based actions without appropriate policy review. In this context, the actions can modify download state and consume trusted local credentials, so the omission is security-relevant rather than purely informational.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The declared description emphasizes routine management such as checking status, listing queues, adding NZBs, and pausing/resuming downloads, but the documented behavior includes additional destructive and administrative operations like purge, delete-history, changing scripts, and speed/category/script modifications. This mismatch can mislead users or policy systems into authorizing a broader and riskier command set than expected. Because SABnzbd actions affect local download workflows and stored data, the gap materially increases the chance of unintended destructive actions.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The queue control section documents delete and purge operations, including deleting files, without any warning or confirmation guidance. These are destructive actions that can remove queued jobs and potentially associated files irreversibly, making accidental invocation harmful. In an agent setting, terse command examples without safeguards increase the risk of unintended data loss.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The history deletion command is presented without warning that it removes records and may not be recoverable. While this is less severe than deleting active jobs or files, it can still erase operational audit/history information and hinder troubleshooting or accountability. In a tool-driven workflow, omission of a warning makes accidental cleanup more likely.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The helper constructs GET request URLs containing the SABnzbd API key in the query string. Query parameters are commonly exposed via process listings, shell history, proxy/server logs, browser or tooling diagnostics, and error telemetry, so the credential can be leaked beyond its intended scope. In this skill context, the script is for operational download management rather than a high-assurance secret-handling workflow, which makes the leakage risk more concerning because users may run it casually without realizing the key is being propagated in URLs.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.