Skill Trust Decision

stremio-cli

SKILL.md explicitly claims the main script is 'legacy and not used', but it is fully functional code that performs undeclared shell execution via subprocess.Popen.

Install decision first
Source: Manual upload
Scanned: Apr 4, 2026
Files 3
Artifacts 2
Violations 1
Findings 4
Most direct threat evidence
01 · Skill presented as safe browser automation tool in SKILL.md · Entry · SKILL.md
02 · False statement claims script is 'not used' to hide true capabilities · Deception · SKILL.md
03 · Full-featured Python script with browser + shell execution is actually deployed · Escalation · scripts/stremio_cast.py

Why this conclusion was reached

2/4 dimensions flagged
Block
Declared vs actual capability

1 undeclared or violating capability was inferred.

Review
Hidden execution and egress

2 lower-risk artifacts were extracted and still need context.

Block
Attack chain and severe findings

The report includes 4 attack-chain steps and 2 severe findings.

Review
Dependencies and supply chain hygiene

Dependency information is incomplete, so supply-chain confidence stays limited.

Attack Chain

01
Skill presented as safe browser automation tool in SKILL.md

Entry · SKILL.md:1

02
False statement claims script is 'not used' to hide true capabilities

Deception · SKILL.md:15

03
Full-featured Python script with browser + shell execution is actually deployed

Escalation · scripts/stremio_cast.py:1

04
subprocess.Popen executes 'catt cast' shell command with captured stream URL

Execution · scripts/stremio_cast.py:67

What drove the risk score up

Doc deception - explicit false statement +25

SKILL.md line 15 states the script is 'not used' when it is fully functional automation code

Undeclared shell execution +25

subprocess.Popen(['catt', ...]) at line 67 executes shell commands without any declaration

Suspicious hardcoded streaming server +10

Hardcoded URL contains local IP disguised as domain: 192-168-15-162.519b6502d940.stremio.rocks

Potential shell injection vector +5

stream_url captured from network intercept is passed to shell command without sanitization

Most important evidence

High Doc Mismatch

Explicit false statement about script status

SKILL.md line 15 states 'The script in scripts/stremio_cast.py is Portuguese/legacy and not used — we rely on the built-in browser tool instead.' This is demonstrably false. The script is fully functional Python code with complete automation logic including browser control, stream URL interception, and shell command execution.

SKILL.md:15
Remove this false statement. Either use the script and declare its capabilities, or remove it entirely.
High RCE

Undeclared shell command execution via subprocess

The script executes the 'catt cast' command via subprocess.Popen without any declaration in SKILL.md. This constitutes a shell:WRITE capability that was never disclosed to the user.

scripts/stremio_cast.py:67
Declare shell:WRITE capability if this execution is intentional and necessary.
Medium Sensitive Access

Suspicious hardcoded streaming server URL

The URL contains a local network IP address (192.168.15.162) disguised as a subdomain of stremio.rocks. This could indicate a man-in-the-middle setup or a custom streaming server.

scripts/stremio_cast.py:10
Verify this is a legitimate Stremio streaming server. If it's a custom server, this should be disclosed.
Low RCE

Potential injection via unsanitized stream URL

The stream_url variable is captured from network request interception and passed directly to a shell command. If the URL contains special characters, this could be exploited.

scripts/stremio_cast.py:67
Validate and sanitize stream_url before passing to shell command.

Declared capability vs actual capability

Filesystem Pass
Declared NONE
Inferred NONE
No file operations in script
Network Pass
Declared NONE
Inferred READ
scripts/stremio_cast.py:10 - Makes HTTP requests to external Stremio service
Shell Block
Declared NONE
Inferred WRITE
scripts/stremio_cast.py:67 - subprocess.Popen(['catt', '-d', device, 'cast', stream_url])
Browser Pass
Declared READ
Inferred READ
Playwright browser automation is declared and used

Suspicious artifacts and egress

Medium External URL
https://app.strem.io/shell-v4.4/?streamingServer=https%3A%2F%2F192-168-15-162.519b6502d940.stremio.rocks%3A12470#/

scripts/stremio_cast.py:10

Info Email
[email protected]

SKILL.md:12

Dependencies and supply chain

There are no structured dependency warnings.

File composition

3 files · 135 lines
Python · 1 file · 88 lines
Markdown · 1 file · 42 lines
JSON · 1 file · 5 lines
Files of concern · 2
scripts/stremio_cast.py Python · 88 lines
Undeclared shell command execution via subprocess · Suspicious hardcoded streaming server URL · Potential injection via unsanitized stream URL · https://app.strem.io/shell-v4.4/?streamingServer=https%3A%2F%2F192-168-15-162.519b6502d940.stremio.rocks%3A12470#/
SKILL.md Markdown · 42 lines
Explicit false statement about script status · [email protected]
Other files · _meta.json

Security positives

Browser automation via Playwright is properly declared in SKILL.md
No credential harvesting or exfiltration logic observed
Script appears to be legitimate Stremio automation functionality