Readarr

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Readarr helper that uses a local API key to manage an ebook/audiobook library, with normal but security-relevant library-changing powers.

Install only if you want an agent to use your Readarr API key to view and change your library and trigger searches/downloads. Keep the API key private, restrict the key file permissions, avoid exposing it in prompts or logs, and explicitly confirm deletions, queue removals, and broad search commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The skill instructs storing and loading a long-lived API key from a predictable filesystem path without any guidance on file permissions, secret rotation, or avoiding accidental disclosure. While this is normal operational documentation, it increases the chance of credential exposure through weak local permissions, shell history, backups, or reuse by other processes.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The API reference explicitly documents destructive operations such as DELETE endpoints, queue removal, and commands that can trigger system-wide actions, but it does not warn the agent or user that these actions modify state or may be irreversible. In an agent skill context, this increases the chance of unsafe execution from ambiguous prompts, accidental tool use, or prompt-injection-style coercion into making harmful API calls.

VirusTotal

65/65 vendors flagged this skill as clean.