Meteor Master AI Bridge
PassAudited by ClawScan on May 10, 2026.
Overview
This is a coherent local bridge for Meteor Master AI, but users should trust the external CLI and be careful with sensitive status output and destructive data operations.
Use this skill only if you trust the mma-bridge npm CLI and the local Meteor Master AI app. Before running destructive commands, confirm exactly what will be deleted. Treat getCurrentInfo and related outputs as sensitive because they may include local paths, stream URLs, credentials, proxy details, and location metadata.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The reviewed skill text is instruction-only, so the actual behavior of the npm CLI must be trusted separately.
The skill depends on a globally installed npm CLI that is not included in the artifacts; the provided metadata also lists the source as unknown and has no install spec.
已安装 mma-bridge:`npm install mma-bridge -g`
Install mma-bridge only from a trusted npm source, consider pinning a known version, and review the package before using it with sensitive local data.
A mistaken or over-broad delete request could remove local detection records from the MMA application.
The API reference includes an irreversible single or bulk delete operation for Meteor Master AI detection records.
删除单条或多条流星检测数据... 批量删除... 删除操作不可逆,请谨慎操作
Require an explicit user confirmation and show the exact IDs/count before invoking deleteGroup, especially for bulk deletion.
Raw status output could expose camera or stream credentials, local network details, and location metadata in the agent conversation.
The current-info API may return live stream URLs containing embedded credentials, proxy settings, and location information.
"path": "rtsp://admin:101038aA@192.168.0.152:554/Streaming/Channels/101", "httpProxy": "http://127.0.0.1:7897", "longitude": 120.7134, "latitude": 31.2483
Avoid sharing raw getCurrentInfo output publicly, and redact credentials, stream URLs, and precise location fields unless the user explicitly needs them.