ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

clawd qBittorrent

v1.0.0

Manage torrents with qBittorrent. Use when the user asks to "list torrents", "add torrent", "pause torrent", "resume torrent", "delete torrent", "check downl...

0· 53·0 current·0 all-time
by@ricanwarfare
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The files and script implement qBittorrent WebUI actions (list, add, pause, resume, delete, speed limits, etc.), which matches the skill name and description. However, the README and SKILL.md differ about the credentials path (~/.clawdbot vs ~/.openclaw), and the script relies on external tools (curl, jq) even though the registry metadata declares no required binaries. These mismatches are likely sloppy but important to surface.
Instruction Scope
Runtime instructions are confined to interacting with the qBittorrent WebUI API and reading a local JSON credentials file or env vars. The helper script will read credentials from disk, write a session cookie to /tmp, and can upload local .torrent files (it sends file contents to the qBittorrent instance). There are no instructions to call unrelated external endpoints, read arbitrary other config files, or exfiltrate to unknown servers — but pointing QBIT_URL at an untrusted remote server would expose local file contents when using the add-file command.
Install Mechanism
This is an instruction-only skill with no install spec, so nothing is downloaded or installed by the registry. That is low risk. Note: the script expects utilities (curl, jq) to be present on the host; the skill does not declare these requirements.
!
Credentials
The registry lists no required env vars, but the README and script support QBIT_URL, QBIT_USER, QBIT_PASS (and QBIT_CONFIG/QBIT_COOKIE). The script will read plaintext credentials from a local config file (~/.openclaw/credentials/qbittorrent/config.json by default) or from env vars. Requesting/storing the qBittorrent username/password is expected for this purpose, but storing them in plain JSON under the home directory is sensitive and should be confirmed by the user. Also the discrepancy in credential file path between README and SKILL.md is confusing and should be fixed.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide configuration changes. It writes a session cookie to /tmp and reads a credentials file from the user's home directory; those are limited, expected behaviors. There is no evidence it modifies other skills or system-wide agent settings.
What to consider before installing
This skill is basically a qBittorrent WebUI client implemented as a shell script and is coherent with its stated purpose, but review these before installing: - Verify the credentials path: SKILL.md and README disagree (~/.openclaw vs ~/.clawdbot). Make sure you create the credentials file where the script will actually read it (or set QBIT_CONFIG). - Ensure required tools exist: the script uses curl and jq; install those or the script will fail. The registry metadata did not declare required binaries. - Protect credentials: the script reads username/password in plaintext from a JSON file or env vars—store that file with appropriate permissions and consider using env vars if you prefer not to keep a file. - Be cautious about QBIT_URL: only point it to qBittorrent instances you trust and control (ideally local or private network). The add-file command uploads local files to the remote qBittorrent instance, which could leak file contents if the remote server is untrusted. - Check the cookie file location (/tmp/qbit_cookie_<uid>.txt) and its permissions; it contains session identifiers. - If you need higher assurance, open and review scripts/qbit-api.sh fully (it is included) and test in a controlled environment before granting access to sensitive torrents or exposing to public hosts. Given the mismatches and sensitive plaintext credentials, proceed only after confirming these items; the issues look like sloppy configuration rather than intentionally malicious behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk9767yscwzvtbd36spj89756js84ewww

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments