Trust Assessment
qbittorrent received a trust score of 43/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include Sensitive path access: AI agent config, Sensitive environment variable access: $HOME, Command Injection via unquoted curl -d data.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command Injection via unquoted curl -d data Multiple commands in `scripts/qbit-api.sh` construct `curl -d` arguments by directly interpolating user-controlled variables (e.g., `$url`, `$category`, `$tags`, `$hash`, `$down_limit`, `$up_limit`). If these variables contain shell metacharacters (e.g., `"` to break quoting, `$(...)` for command substitution, `;` for command chaining), they can lead to arbitrary command execution on the host system. The `api_call` function passes these arguments directly to `curl` via `"$@"` without proper sanitization or argument separation. Replace direct string concatenation for `-d` arguments with separate `-F "key=value"` arguments for `curl`. This ensures each key-value pair is passed as a distinct argument, preventing shell metacharacter injection. For example, change `api_call POST ... -d "$data"` to `api_call POST ... "${args[@]}"` where `args` is an array of `-F` parameters. | LLM | scripts/qbit-api.sh:170 | |
| CRITICAL | Command Injection / Data Exfiltration via unvalidated filename in curl -F The `cmd_add_file` function constructs a `curl -F` argument using `"-F "torrents=@$filepath"`. If the `$filepath` variable, which can be controlled by user input, contains shell metacharacters (e.g., `"`), it can break out of the quoted string and inject arbitrary `curl` options or shell commands. This could lead to arbitrary file reads (data exfiltration) or command execution on the host system. Implement strict input validation for `$filepath` to ensure it does not contain any shell metacharacters (e.g., `"`, `\`, `$`, `(`, `)`, `;`, `&`, `|`, `<`, `>`). Alternatively, if the qBittorrent API supports it, consider passing the file content via standard input using `--data-binary @-` to avoid embedding the filename directly in a shell argument. | LLM | scripts/qbit-api.sh:190 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/jmagar/qbittorrent/SKILL.md:8 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/jmagar/qbittorrent/scripts/qbit-api.sh:7 |
Scan History
Embed Code
[](https://skillshield.io/report/e3959d36bbb1437e)
Powered by SkillShield