Back to skill

Security audit

Lidarr

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Lidarr management skill, but it can modify the media library and delete files when explicitly commanded.

Install only if you want an agent to manage your Lidarr library using your Lidarr API key. Keep the config file private, verify the Lidarr URL, and require clear user confirmation before running add, monitor, refresh, remove, or especially remove --delete-files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Tp4

High
Category
MCP Tool Poisoning
Confidence
82% confidence
Finding
The declared description understates the skill's actual capabilities: beyond searching and adding music, it can remove artists, optionally delete files, refresh metadata, enumerate library contents, and modify monitoring state. This mismatch can mislead users or policy systems about the skill's true authority, increasing the risk of unintended destructive or privacy-impacting actions.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill metadata says it only searches for and adds music, but the script also supports removing artists and optionally deleting their files. This capability mismatch is dangerous because users or higher-level agents may invoke the skill under false assumptions, leading to destructive actions that were not disclosed in the manifest.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The script can modify existing library state by monitoring albums and re-monitoring artists, but the description only mentions searching and adding music. While less severe than deletion, this still performs write operations that may trigger downloads or alter user intent without clear disclosure.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill documents `remove <artistId> --delete-files` without an explicit warning that this can permanently delete media files. In an automation context, users may invoke documented commands verbatim, so the absence of a prominent warning and confirmation guidance materially increases the chance of accidental data loss.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The remove command can delete artists and, with --delete-files, remove associated files without any interactive confirmation or strong warning. In agent-driven or automated contexts, a single mistaken invocation can cause irreversible data loss, especially because the destructive mode is just a simple flag.

External Transmission

Medium
Category
Data Exfiltration
Content
artistName=$(echo "$artist" | jq -r '.artistName')
    
    curl -s -X DELETE -H "$AUTH" "$API/artist/$artistId?deleteFiles=$deleteFiles" > /dev/null
    
    if [ "$deleteFiles" = "true" ]; then
      echo "🗑️ Removed: $artistName + deleted files"
Confidence
93% confidence
Finding
curl -s -X DELETE -H "$AUTH" "$API/artist/$artistId?deleteFiles=$deleteFiles" > /dev/null if [ "$deleteFiles" = "true" ]; then echo "🗑️ Removed: $artistName + deleted files" else

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.