Trust Assessment
nas-movie-download received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 13 findings: 10 critical, 3 high, 0 medium, and 0 low severity. Key findings include network egress to untrusted endpoints, hardcoded default API keys and passwords, and arbitrary code injection via `sed` when modifying a script.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (13)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Network egress to untrusted endpoints.** HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/roger0808/nas-movie-download/SKILL.md:13 |
| CRITICAL | **Network egress to untrusted endpoints.** HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/roger0808/nas-movie-download/SKILL.md:17 |
| CRITICAL | **Network egress to untrusted endpoints.** HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/roger0808/nas-movie-download/SKILL.md:91 |
| CRITICAL | **Network egress to untrusted endpoints.** HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/roger0808/nas-movie-download/SKILL.md:133 |
| CRITICAL | **Network egress to untrusted endpoints.** HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/roger0808/nas-movie-download/scripts/download-movie.sh:9 |
| CRITICAL | **Network egress to untrusted endpoints.** HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/roger0808/nas-movie-download/scripts/download-movie.sh:11 |
| CRITICAL | **Network egress to untrusted endpoints.** HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/roger0808/nas-movie-download/scripts/jackett-search.sh:9 |
| CRITICAL | **Network egress to untrusted endpoints.** HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/roger0808/nas-movie-download/scripts/qbittorrent-add.sh:9 |
| CRITICAL | **Arbitrary code injection via `sed` when modifying script.** The `scripts/download-movie.sh` script dynamically modifies `scripts/qbittorrent-add.sh` using `sed` to inject user-controlled variables (`QB_URL`, `QB_USERNAME`, `QB_PASSWORD`). If any of these variables, which can be sourced from environment variables or command-line arguments, contain `sed` delimiters (e.g., `\|`) or other shell metacharacters, an attacker could inject arbitrary commands into the temporary script (`$TEMP_QB_SCRIPT`). This leads to arbitrary code execution with the permissions of the skill. Avoid using `sed` for dynamic script modification with untrusted input. Instead, pass the variables directly as arguments to `qbittorrent-add.sh` or set them as environment variables for the subprocess execution. For example: `QB_URL="$QB_URL" QB_USERNAME="$QB_USERNAME" QB_PASSWORD="$QB_PASSWORD" "$QB_SCRIPT" -m "$MAGNET"`. Ensure all variables passed to shell commands are properly quoted (`"$VAR"`) to prevent shell injection. | LLM | scripts/download-movie.sh:136 |
| CRITICAL | **Command injection through unquoted or improperly escaped variables in `curl` arguments.** Multiple scripts construct `curl` commands by directly interpolating variables (`JACKETT_URL`, `QB_URL`, `QB_USERNAME`, `QB_PASSWORD`) without proper shell quoting or escaping. If these variables, which can be controlled by environment variables or command-line arguments, contain shell metacharacters (e.g., `"; rm -rf /; echo "`), an attacker can inject and execute arbitrary shell commands. This vulnerability affects the base URLs used in `curl` commands and the `--data` arguments for username/password. This is a widespread issue across `scripts/download-movie.sh`, `scripts/jackett-search.sh`, `scripts/qbittorrent-add.sh`, and `scripts/test-config.sh`. 1. **For URLs (`JACKETT_URL`, `QB_URL`):** Ensure the base URL variables are properly quoted when used in `curl` commands (e.g., `curl -s "$JACKETT_URL/..."`). This prevents shell injection from the URL itself. If the URL can contain characters that `curl` interprets as options (e.g., starting with `-`), consider using `curl -s --url "$JACKETT_URL/..."` or `curl -s "$JACKETT_URL/..." --` to explicitly mark the end of options. 2. **For username/password (`QB_USERNAME`, `QB_PASSWORD`):** When using `--data`, use `curl --data-urlencode "username=$QB_USERNAME" --data-urlencode "password=$QB_PASSWORD"` instead of `--data "username=$QB_USERNAME&password=$QB_PASSWORD"`. This ensures that special characters in the username/password are correctly URL-encoded and do not lead to shell injection or malformed POST data. | LLM | scripts/jackett-search.sh:70 |
| HIGH | **Network egress to untrusted endpoints.** HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/roger0808/nas-movie-download/scripts/test-config.sh:11 |
| HIGH | **Network egress to untrusted endpoints.** HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/roger0808/nas-movie-download/scripts/test-config.sh:13 |
| HIGH | **Hardcoded default API keys and passwords.** The skill package includes default API keys and passwords directly embedded in the `SKILL.md` documentation and as default values in the shell scripts. This practice exposes sensitive credentials, making them easily discoverable and potentially compromising the associated services (Jackett, qBittorrent) if the skill is deployed without changing these defaults. An attacker could use these default credentials to gain unauthorized access to Jackett and qBittorrent instances. Remove all hardcoded default values for `JACKETT_API_KEY`, `QB_USERNAME`, and `QB_PASSWORD` from `SKILL.md` and all shell scripts. Instead, require users to explicitly provide these values via environment variables or command-line arguments. Emphasize the importance of using strong, unique passwords and API keys. | LLM | SKILL.md:13 |