ClawHub

Tsarr

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed home-media administration helper that can use service credentials and run delete actions, so users should review commands carefully.

Install this only if you trust the `tsarr` npm package and are comfortable letting an agent access media-service config files and credentials. Review commands before execution, especially delete actions and anything using `--delete-files`, and avoid exposing API keys or passwords in logs, shell history, screenshots, or shared config.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The cheatsheet includes a destructive qBittorrent command that permanently deletes torrents and data files, but it does not explicitly warn that `--delete-files` is irreversible and high-risk. In an agent skill context, operators may copy commands directly, so omission of a warning increases the chance of accidental data loss or misuse.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The file documents credential-bearing environment variables for qBittorrent without warning that environment variables may be exposed through shell history, process listings, logs, or shared session configuration. This is not an exploit by itself, but it normalizes handling secrets in a way that can lead to credential disclosure in real deployments.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The Seerr API key environment variable guidance lacks any indication that the API key is sensitive and should be protected from disclosure. In a skill intended for operational use, this can lead users to expose tokens in scripts, screenshots, shell history, or shared environments, enabling unauthorized access to request management functions.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal