Docker Xunler Downloader
v1.0.0
Interact with Docker-deployed Xunlei to submit magnet links, monitor tasks, and prioritize main content downloads with intelligent filtering.
by 王康 (@saaak)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Suspicious (medium confidence)
Purpose & Capability
The files (index.js and xunlei_docker_client.js) implement the described functionality (connect to a user-configured Xunlei service, list/submit tasks, classify files). However registry metadata lacks a description while SKILL.md and README describe Node/Chrome dependencies and require a config; the package contains code and package.json but there is no install spec in the registry metadata — that mismatch is unexpected.
Instruction Scope
Runtime instructions are scoped to interacting with a configured Xunlei host/port and managing downloads; index.js reads/writes a local config.json and the client only contacts the configured baseUrl. However the SKILL.md was flagged by the scanner for a 'base64-block' injection pattern (possible prompt-injection or hidden encoded content) and a default config.json embedded in the package points to an internal IP (192.168.1.40) which could cause unintended local-network connections if used as-is. Recommend reviewing the full SKILL.md and config.json contents before use.
Install Mechanism
The skill has no install spec in registry metadata (marked instruction-only) but includes package.json and package-lock.json and README instructs 'npm install' — this inconsistency means installing will pull dependencies (axios, etc.) from an npm registry. package-lock entries resolve to registry.npmmirror.com (a third-party mirror) which is not inherently malicious but is an external source; there is no signed/verified release specified. This raises supply-chain/installation risk compared to an instruction-only skill.
Credentials
The skill requests no environment variables or external credentials in metadata, and the code uses only a user-provided host/port/ssl config. That's proportional. Minor oddities: SKILL.md lists 'Chrome browser (for authentication methods)' which the code does not clearly require at runtime, and the large hard-coded random string used to generate an auth token is unusual but appears internal to Xunlei auth emulation (not an external secret).
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or system-wide settings. It writes/reads a config.json inside its own skill directory (normal for skill-level config). Autonomous invocation is enabled by default (normal for skills) but not combined with any broad credential access here.
Scan Findings in Context
[base64-block] unexpected: The SKILL.md was flagged for a base64-block pattern by the static scanner. In the provided excerpt there is no visible base64 payload, so this may indicate hidden or truncated content in the SKILL.md (or a false positive). Regardless, encoded blocks in runtime instructions are unusual for a downloader skill and may be a prompt-injection attempt — inspect the full SKILL.md for any embedded/encoded instructions before installing.
What to consider before installing
Things to check before installing or enabling this skill:
- Inspect SKILL.md, config.json, and all JS files locally for any hidden/encoded content (the scanner flagged a base64-block). Do not trust embedded encoded blocks without decoding and reviewing them.
- The package includes package.json/package-lock but registry metadata had no install spec; if you run 'npm install' you will fetch packages (package-lock points to registry.npmmirror.com). Prefer to review package-lock integrity (checksums) or install dependencies from a source you trust.
- Change the provided config.json default (192.168.1.40:2345) before running; confirm the target host is one you control. The skill will make HTTP(S) requests to whatever host/port you configure — it can be used to probe internal network services if misconfigured.
- The skill writes config.json into its skill directory. Back up or sandbox the skill directory and run it in an isolated environment if you want to test safely.
- Review the xunlei_docker_client.js auth code (generatePanAuth) — it fabricates tokens and scrapes HTML; ensure this behavior matches your Xunlei instance and that you're comfortable with the approach.
- Consider legal/ethical issues: this tool downloads magnet/torrent content; ensure you have rights to download content.
If you are not comfortable with these items or cannot fully review the code, do not enable the skill on production systems. If you want higher assurance, request the publisher to provide a signed release, a deterministic install spec, or a minimal instruction-only version that does not require npm installs.
