Sumo Torrent

Security checks across malware telemetry and agentic risk

Overview

This torrent helper is mostly transparent, but it asks agents to reuse a personal browser session and can start qBittorrent downloads, so it needs user review before installation.

Install only if you intentionally want an agent to search torrent sites and control qBittorrent. Use a dedicated browser profile with no unrelated logins, change the default qBittorrent password, keep WebUI bound to localhost, and require explicit confirmation before adding any torrent or forwarding requests to another agent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Context-Inappropriate Capability

Medium (94% confidence)
Finding:
The skill claims to search torrents but also includes a separate capability to directly add magnet links into qBittorrent, which crosses from information retrieval into taking an external side effect on the host/application state. That expands the blast radius of the skill: a prompt that appears to request search only could trigger downloads, network activity, disk usage, and interaction with a local service using embedded credentials.

Context-Inappropriate Capability

Medium (97% confidence)
Finding:
The skill explicitly instructs use of a persistent browser profile with an existing session to bypass Cloudflare, which means it relies on reused authenticated/cookie state rather than normal bounded automation. This is dangerous because it encourages session hijacking-like behavior inside the agent environment, may expose unrelated cookies or browser data, and normalizes using privileged persistent state to access resources the default browser context cannot.

Context-Inappropriate Capability

High (99% confidence)
Finding:
The skill explicitly instructs the agent to use a real browser profile with an existing authenticated session cookie to bypass Cloudflare protections. This is dangerous because it leverages another user's trusted session to evade access controls and anti-bot protections, potentially causing unauthorized browsing activity under that user's identity.

Context-Inappropriate Capability

Medium (90% confidence)
Finding:
The workflow goes beyond passive search and extraction by instructing the agent to directly add torrent results to qBittorrent or write files locally. That creates local side effects and can trigger downloads or persistence actions without a clearly bounded confirmation step, increasing the risk of unwanted system changes.

Missing User Warnings

Medium (91% confidence)
Finding:
The skill directs the agent to write output files and directly add magnet links to qBittorrent without an immediate, explicit consent checkpoint at the action point. This is risky because it can cause filesystem changes and initiate downloads as a side effect of a seemingly simple search request, reducing user awareness and auditability of the state-changing behavior.

Missing User Warnings

Medium (96% confidence)
Finding:
The documentation says the agent can directly add items to qBittorrent or save output files without a clear warning or consent gate for local data changes. This is dangerous because it may modify the user's environment, create files, or start downloads unexpectedly, which is especially risky for content sourced from torrents.

Ssd 3

High (99% confidence)
Finding:
The skill directs use of a browser profile that contains someone else's authenticated session cookies specifically to bypass Cloudflare protections. This is a serious security issue because it abuses an existing trusted session, risks credential/session misuse, and normalizes evasion of access controls rather than respecting them.

VirusTotal

66/66 vendors flagged this skill as clean.
