Stremio Unwatched

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it advertises, but users should review it because it can expose a Stremio auth token, start real torrent downloads, and delete calendar events without strong safeguards.

Review before installing. Treat the Stremio auth key as a secret, avoid exposing credentials in shared shells or logs, use --dry-run, --filter, and --limit before download commands, and only run --gcal-clear when you intentionally want to delete events from the dedicated Stremio TV calendar.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 87%
Finding
The script accepts Stremio credentials from environment variables, which are commonly exposed to child processes, shell history wrappers, CI logs, crash dumps, and process-inspection tooling depending on how the script is launched. In an agent/automation context, this broadens the credential exposure surface beyond an interactive prompt and is not strictly necessary for the stated consumer-facing skill purpose.

Missing User Warnings

Medium
Confidence: 84%
Finding
The documented `--gcal-clear` operation removes all events from the dedicated Stremio TV calendar, but the skill text does not present an explicit destructive-action warning, confirmation requirement, or recovery guidance. Even if it avoids the default calendar, this can still cause unintended data loss if the wrong calendar is targeted, the user misunderstands the command, or synchronization metadata is incorrect.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script explicitly supports printing the authKey to stdout, which makes the bearer token easy to capture through command substitution, shell history, terminal logging, agent transcripts, or pipeline logs. Because the authKey appears sufficient to authenticate API calls, accidental disclosure can allow account access without the password.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script can delete all events from the dedicated 'Stremio TV' Google Calendar immediately when run with --gcal-clear, with no confirmation, dry-run, or secondary safety check. This is a real destructive-action safety issue because accidental invocation, automation mistakes, or argument confusion can cause irreversible loss of calendar data in that calendar.

Missing User Warnings

Medium
Confidence: 90%
Finding
The script retrieves an auth key from a companion helper and sends it to the Stremio central API to enumerate installed addons, but it does so without explicit user consent, disclosure, or controls around outbound credential use. In a skill that automates downloads, silently transmitting an authentication token to a remote service expands privacy and account-abuse risk if the environment, helper script, or destination are not fully trusted.

External Transmission

Medium
Category: Data Exfiltration
Content
fi

# Fetch user's installed addons (for stream resolution)
addons_resp=$(curl -sf -X POST "${STREMIO_API}/addonCollectionGet" \
  -H "Content-Type: application/json" \
  -d "$(jq -n --arg key "$AUTH_KEY" '{authKey: $key}')" 2>/dev/null)
Confidence: 92%
Finding
curl -sf -X POST "${STREMIO_API}/addonCollectionGet" \ -H "Content-Type: application/json" \ -d

VirusTotal

66/66 vendors flagged this skill as clean.