Mteam Transmission0.1
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: mteam-transmission0-1 Version: 0.1.0 The skill bundle is a functional tool designed to search the M-Team private tracker and send torrents to a local Transmission instance. The Python code in `main.py` uses standard libraries (`requests`, `transmission-rpc`) and includes basic safety checks, such as verifying that downloaded content starts with the correct bencode prefix for torrent files. While the script contains placeholders for credentials and local proxy settings, these are standard for this type of integration and do not exhibit malicious intent or high-risk vulnerabilities.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If configured with real credentials, the skill can use the user's M-Team account and add downloads through the user's Transmission instance.
The skill needs private tracker API access and local Transmission account access. That is expected for the stated purpose, but users should treat it as sensitive delegated authority.
配置环境变量或在 `main.py` 中填入你的: - `MTEAM_API_KEY` - Transmission 的 `IP`、`端口`、`账号`、`密码`
Use dedicated, least-privileged credentials where possible, avoid committing real secrets into source files, and prefer environment variables or a secret manager.
An approved download can consume bandwidth and NAS storage, and an incorrect selection could queue unwanted content.
The download tool performs a real mutation by adding a torrent to Transmission. This is purpose-aligned and SKILL.md requires explicit user selection first.
c.add_torrent(f, download_dir=download_dir)
Keep the explicit confirmation step, verify the selected item and mapped download directory, and restrict Transmission RPC access.
Future package changes or an unsafe package source could affect the skill's behavior.
The skill relies on external Python packages installed manually, and the artifacts do not pin versions or provide a lockfile/install spec.
安装依赖:`pip install requests transmission-rpc`
Install from trusted package indexes, pin dependency versions, and review dependency provenance before use.
Traffic may be routed through a local proxy and the approach may conflict with service rules or network policies.
The skill openly advertises using proxy/browser-like behavior to avoid Cloudflare-related blocking. It is disclosed and related to the API workflow, but it is a tradeoff users should understand.
🛡️ 防拦截装甲:完美绕过 Cloudflare 502 拦截。
Use only where permitted by M-Team and local network policy, and avoid expanding this into stealthy anti-bot or CAPTCHA bypass behavior.