ClawHub

emby

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Emby admin API wrapper, but it exposes broad server-changing powers and ships a real-looking hardcoded API key without safety controls.

Review before installing. Replace and rotate the bundled API key if it could be real, use a least-privilege Emby account or key, and require explicit user approval before delete, restore, auth-key, user/device, library, encoding, upload, or download actions. Keep saved media in a dedicated folder to avoid accidental overwrite of important files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
This module exposes a very broad Emby administrative surface, including user management, device deletion, library refresh, virtual folder creation/deletion, backup restore, encoding changes, and destructive item/user operations, while no limiting purpose, authorization model, or guardrails are present. In an agent skill context, this materially increases the blast radius of prompt abuse or accidental invocation because the skill can both enumerate sensitive state and perform irreversible changes on the server.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill includes local file read/write plus upload/download helpers such as camera upload, backup restore, and media/image download to arbitrary local paths. Combining filesystem access with remote transmission in a general-purpose skill creates an exfiltration and overwrite primitive that an agent or downstream caller could misuse to send local data off-host or write attacker-chosen content to disk.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The environment functions enumerate local paths, drives, directory contents, parent paths, network shares, and network devices without any stated need or access control. In an agent setting, this is dangerous reconnaissance capability because it can reveal host filesystem layout and internal network resources that can be used to locate sensitive data or plan follow-on actions.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill documentation includes what appears to be a concrete API key value directly in the configuration example, which can normalize hardcoding secrets and may represent a real credential leak if copied from a live environment. Exposing or encouraging inline storage of API keys increases the chance of unauthorized access to the Emby server and related administrative functions.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The camera upload helper reads an arbitrary local file path and posts its contents to the remote Emby server. Without any user-facing disclosure, consent flow, or path restrictions, this creates a straightforward mechanism to exfiltrate local files under the guise of a media operation.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The image download helper can write remote content to any caller-supplied local path. Even if the content originates from the Emby server, arbitrary write capability can overwrite existing files or place unexpected content on disk without any warning, approval, or directory restriction.

Missing User Warnings

High
Confidence
97% confidence
Finding
The backup restore function uploads raw backup file contents to the server with no disclosure or authorization checks visible in the skill. This is high risk because backup material often contains highly sensitive configuration and secrets, and restore/import operations can also alter server state in powerful ways.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The video download helper streams remote media directly to an arbitrary output path. This introduces an uncontrolled file write primitive and can consume significant disk space or overwrite files without disclosure, which is risky in an automation/agent environment.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The audio download helper mirrors the same arbitrary local file write behavior as video download. In the absence of consent, path restrictions, or overwrite protections, it can be abused to place or replace files on the host filesystem.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal