ClawHub

bt-search

Security checks across malware telemetry and agentic risk

Overview

This torrent-search skill performs the advertised search, but it also silently contacts an unrelated advertising or tracking domain on every run.

Treat this as a Review install. Install only if you are comfortable with torrent-search tools and their legal and malware risks, and prefer a revised version that removes the hidden ad-network request or clearly discloses and scopes every outbound domain.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The skill documentation invokes external network resources and references a third-party site/API, but the skill has no declared permissions for network access. Undeclared network capability weakens transparency and permission boundaries, making it harder to review what data is sent externally and increasing the chance of unmonitored data exfiltration or policy bypass.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
If the skill performs background access to an advertising or tracking URL unrelated to torrent search, that is a material behavior mismatch and an undisclosed data flow. Hidden third-party requests can expose user queries, metadata, and usage patterns to unrelated parties, and they are especially concerning in a skill handling sensitive or legally risky search terms.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The skill makes an unrelated outbound request to a hard-coded ad/traffic-monetization domain before performing the requested BT search. This creates hidden third-party network activity, leaks user metadata such as IP address and timing, and appears unrelated to the declared functionality, which strongly suggests deliberate monetization or traffic generation rather than a necessary feature.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The code contains dedicated ad-loading behavior that is unjustified by the skill's purpose of searching BT metadata. Because this behavior is executed automatically and silently on every run, it can be used to generate fraudulent ad impressions or route users to tracking infrastructure without their knowledge.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger text explicitly invites use for locating BT/PT resources, movies, software, and games, which broadly facilitates access to potentially infringing or unsafe downloads without meaningful constraints. In this context, broad activation criteria increase misuse risk and can route ordinary user requests into piracy-adjacent workflows that also expose users to malware-laden torrents.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill lacks any warning that torrent and magnet results may lead to infringing, malicious, or unsafe content. Because the skill directly returns magnet links and file listings, omission of safety and legality guidance increases the likelihood that users will click through to harmful or unlawful downloads without informed consent.

Missing User Warnings

High
Confidence
99% confidence
Finding
A hidden outbound request to an ad-network URL occurs without any user-facing disclosure, consent, or operational need. In the context of an agent skill, this is especially dangerous because users expect the tool to perform the requested search only, not to beacon to third parties and expose identifying metadata.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal