Low Risk — Risk Score 20/100
Last scan: 1 day ago
Torrent Search Skill
Searches BT4G for torrent files and outputs magnet links with public trackers, optionally adding them directly to qBittorrent
A legitimate torrent search and qBittorrent integration skill with minor security flaws (hardcoded credentials, undocumented allowed-tools references) but no malicious behavior detected.
Skill Name: Torrent Search Skill
Duration: 39.8s
Engine: pi
Safe to install
Replace the hardcoded qBittorrent credentials with environment variables. Consider declaring the full toolset (browser, filesystem, network, shell) used by this skill in SKILL.md for full transparency.

Findings (3 items)

1. Low — Hardcoded qBittorrent credentials [Credential Theft]
   Location: add_to_qbittorrent.py:29
   qBittorrent WebUI username and password are hardcoded as string literals in add_to_qbittorrent.py. While they target a localhost-only service (not exposed externally), hardcoding credentials is a poor security practice.
       QB_USER = "admin"
       QB_PASS = "adminadmin"
   → Move credentials to environment variables (os.environ.get('QB_USER'), os.environ.get('QB_PASS')) with a fallback warning

2. Low — Browser tool usage undeclared in allowed-tools [Doc Mismatch]
   Location: SKILL.md:62
   SKILL.md instructs the agent to use the browser tool extensively (open, snapshot, act), but the skill declares no allowed-tools. The browser:WRITE capability should be declared in _meta.json or within SKILL.md for transparency.
       browser(action="open", profile="my-daily-chrome", url=...)
   → Declare browser:WRITE in the skill's allowed-tools metadata

3. Low — Hardcoded local path references [Sensitive Access]
   Location: torrent_search.py:78
   Both Python scripts hardcode Windows paths (C:\butler_sumo\), which leak information about the host environment. This is minor but contributes to information disclosure.
       output_dir = r"C:\butler_sumo\docs\torrent"
   → Use a configurable path or environment variable for the output directory
Resource    Declared  Inferred  Status     Evidence
Browser     NONE      WRITE     ✓ Aligned  SKILL.md:62 — browser(action="open", profile="my-daily-chrome", ...)
Filesystem  NONE      WRITE     ✓ Aligned  torrent_search.py:95 — os.makedirs(output_dir, exist_ok=True)
Network     NONE      READ      ✓ Aligned  add_to_qbittorrent.py:67 — requests.Session POST to localhost:8080
Shell       NONE      NONE                 No shell execution found in any file
External URLs (12 findings)

Medium — External URL — https://bt4gprx.com/search?q=關鍵字 — SKILL.md:24
Medium — External URL — https://tracker.zhuqiy.com:443/announce — SKILL.md:168
Medium — External URL — https://tracker.pmman.tech:443/announce — SKILL.md:169
Medium — External URL — https://tracker.nekomi.cn:443/announce — SKILL.md:170
Medium — External URL — https://tracker.moeblog.cn:443/announce — SKILL.md:171
Medium — External URL — https://tracker.bt4g.com:443/announce — SKILL.md:172
Medium — External URL — http://tracker.opentrackr.org:1337/announce — add_to_qbittorrent.py:38
Medium — External URL — http://tracker.torrent.eu.org:451/announce — add_to_qbittorrent.py:39
Medium — External URL — https://tracker.lilith档.com:443/announce — add_to_qbittorrent.py:40
Medium — External URL — https://tr.highhopes.xyz:443/announce — add_to_qbittorrent.py:41
Medium — External URL — https://t.trackers.net:443/announce — add_to_qbittorrent.py:42
Medium — External URL — https://bt4gprx.com/search?q= — torrent_search.py:89

File Tree

4 files · 24.8 KB · 774 lines
Python: 2 files · 433 lines · Markdown: 2 files · 341 lines
├─ 🐍 add_to_qbittorrent.py Python 280L · 9.7 KB
├─ 📝 SKILL_zh.md Markdown 128L · 3.7 KB
├─ 📝 SKILL.md Markdown 213L · 6.1 KB
└─ 🐍 torrent_search.py Python 153L · 5.3 KB

Dependencies (1 item)

Package   Version      Source       Known Vulns  Notes
requests  unspecified  import only  No           No requirements.txt; requests is a standard library-equivalent import. Version not pinned but only used for localhost HTTP calls.

Security Positives

✓ No shell command execution, subprocess, or os.system calls found
✓ No credential exfiltration or data theft behavior
✓ No base64 encoding, obfuscation, or anti-analysis techniques
✓ No remote script download (curl|bash, wget|sh)
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No environment variable iteration for key harvesting
✓ Network requests are limited to localhost (qBittorrent WebUI) and legitimate torrent tracker domains
✓ All functionality aligns with the stated torrent-search purpose