Lidarr

Security checks across malware telemetry and agentic risk

Overview

This Lidarr skill is a disclosed media-library management helper, but users should be careful because it can change the library and delete media files when explicitly commanded.

Install only if you want an agent to manage your Lidarr library using your Lidarr API key. Keep the config file private, verify the configured Lidarr URL, and require explicit user confirmation before running add, monitor, refresh, remove, or especially `remove --delete-files`.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill documents shell execution (`bash scripts/lidarr.sh ...`) but does not declare corresponding permissions. This creates a transparency and governance gap: reviewers or users may approve the skill without realizing it can execute shell commands that interact with local tools and external services. In an agent environment, undeclared execution capability increases the risk of unintended command execution or privilege overreach.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The manifest and description frame the skill as searching for and adding music, but the documented behavior also includes removal, optional file deletion, configuration exposure, and library management actions. This mismatch can cause users or automated policy systems to grant trust based on an incomplete description, while the skill actually supports destructive and more sensitive operations. The context makes this more dangerous because media-library skills are often treated as low risk, yet this one can delete content and reveal system configuration.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The manifest description omits that the skill can remove artists and optionally delete files from disk. Hiding or failing to disclose destructive behavior is dangerous because operators may invoke or approve the skill under the assumption that it is add-only, leading to accidental data loss. In this context, deletion of media files is a real integrity risk even if the author likely intended normal library management.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The top-level documentation says the skill adds music, but later documents deletion commands including file removal. That inconsistency can mislead users and downstream tooling about the true risk profile, increasing the chance of unintended destructive use. Because the skill manages a persistent media library, misleading docs materially raise the likelihood of accidental loss.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill description says it searches and adds music, but the script also supports removing artists and optionally deleting Lidarr-managed files. This hidden destructive capability increases the chance that an agent or user invokes dangerous behavior without informed consent, causing unintended media loss.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The manifest omits state-changing operations such as monitoring albums and refreshing metadata, while the script can modify library state. This mismatch can mislead orchestration layers or users into treating the skill as read-only/search-oriented when it actually performs writes.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
Optional file deletion is not justified by the stated purpose of searching and adding music, and it enables permanent destructive actions against Lidarr-managed storage. In an agent setting, hidden deletion features are especially risky because they may be invoked through prompt confusion, overbroad tool selection, or malicious user steering.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documented `remove --delete-files` command is destructive but lacks a strong warning, safeguard, or confirmation requirement. This is dangerous because a user or agent could interpret removal as only deleting a Lidarr entry, when it may also erase media files from disk, causing irreversible data loss. In a skill intended for routine media management, that ambiguity makes accidental exploitation more likely.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script issues a DELETE request immediately, including an option to delete files, without any confirmation prompt, dry-run, or secondary authorization check. This makes accidental or induced destructive actions much more likely and reduces opportunities to prevent irreversible loss.

VirusTotal

66/66 vendors flagged this skill as clean.
