Back to skill

Security audit

Stremio Casting

Security checks across malware telemetry and agentic risk

Overview

This skill mostly matches its casting purpose, but it has under-disclosed network and browser-security behavior that users should review before installing.

Review before installing. Change the script to your trusted local Stremio service, remove or justify the disabled browser protections, avoid logging full stream URLs, and confirm the selected title and Chromecast device before casting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill explicitly documents invoking a local Python script and using the external `catt` command, which are shell-capable actions, but it declares no permissions or equivalent safety boundaries. This creates a trust gap: an agent may execute local commands or interact with networked casting devices without clear user-visible authorization, increasing the risk of unintended command execution or device misuse.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill launches a browser to a third-party Stremio service and drives playback discovery without any explicit consent, trust boundary notice, or restriction on what remote content and metadata may be contacted. In this context, user search terms, browsing actions, and playback-related network requests may be disclosed to external infrastructure, which is a meaningful privacy and data-exposure risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script intercepts requests and prints the discovered stream URL directly to logs. Playback URLs often contain sensitive tokens, internal endpoint details, or identifiers that could allow reuse by other local users, log collectors, or downstream systems, so exposing them in plaintext creates avoidable credential and privacy leakage.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.