ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

download-manager

v1.2.0

管理和查看 qBittorrent 和 Transmission 下载器的任务状态,支持添加、启动、暂停和删除下载任务。

0· 65·0 current·0 all-time
by噢福阔斯KANG@jinkang19940922

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jinkang19940922/download-manager-jinkang.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "download-manager" (jinkang19940922/download-manager-jinkang) from ClawHub.
Skill page: https://clawhub.ai/jinkang19940922/download-manager-jinkang
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install download-manager-jinkang

ClawHub CLI

Package manager switcher

npx clawhub@latest install download-manager-jinkang
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (manage qBittorrent and Transmission) matches the code and instructions: the script implements listing, add/pause/resume/delete and status for both services. However, the skill embeds a specific LAN IP and admin credentials for both qBittorrent and Transmission instead of exposing them as configurable inputs (environment variables or config), which makes the package tied to the packager's environment and unexpected for a general-purpose skill.
!
Instruction Scope
SKILL.md explicitly contains the administrative URL, username, and password for both services and instructs the user/agent to log in or run the script against those endpoints. While this is within the declared domain (managing those services), embedding credentials in runtime instructions grants the skill immediate access to a potentially private host and leaks secrets in the skill text — a scope creep / secrecy issue.
Install Mechanism
No install spec or external downloads; all code is included in the repository. This lowers install risk because nothing is fetched from remote arbitrary URLs.
!
Credentials
The skill requests no environment variables in metadata but contains hard-coded credentials (QB_USER, QB_PASS, TR_AUTH) and network addresses inside the code and SKILL.md. Sensitive credentials are present but not declared as required/protected inputs — disproportionate handling of secrets and not transparent to an installer.
Persistence & Privilege
No special persistence or 'always' privilege requested; agent-autonomy defaults are unchanged. The skill does not attempt to modify other skills or system-wide settings.
What to consider before installing
This skill does what it says (manages qBittorrent/Transmission) but includes hard-coded administrative URLs and credentials in SKILL.md and download_manager.py. Before installing or running it: 1) Do NOT rely on the embedded credentials — treat them as developer placeholders. 2) Inspect the code yourself (or have someone you trust do it). 3) Replace embedded URLs/credentials with configuration (environment variables or an explicit config file) and ensure secrets are not stored in plain text in the skill. 4) If you don't control 192.168.10.222 on your network, avoid running it as-is — it will attempt to connect to that host using admin credentials. 5) Run the tool in an isolated environment (VM/container) if you want to test. 6) Prefer skills that declare required credentials in metadata so you can protect them and review access before granting it.

Like a lobster shell, security has layers — review code before you run it.

downloadvk97deda2a14jbfwcb6syddswkd84rpzflatestvk97deda2a14jbfwcb6syddswkd84rpzfqbittorrentvk97deda2a14jbfwcb6syddswkd84rpzftorrentvk97deda2a14jbfwcb6syddswkd84rpzftransmissionvk97deda2a14jbfwcb6syddswkd84rpzf
65downloads
0stars
3versions
Updated 2w ago
v1.2.0
MIT-0
噢福阔斯KANG@jinkang19940922
downloadlatestqbittorrenttorrenttransmission
Download

Download Manager Skill

完全管理 qBittorrent 和 Transmission 下载器。

激活条件

用户提到以下关键词时激活:

  • 下载器管理
  • 下载状态
  • qBittorrent
  • Transmission
  • 种子管理
  • 做种
  • 任务管理

支持平台

qBittorrent

Transmission

功能

1. 查看状态

下载状态           # 查看所有下载器
qb                # 只看 qBittorrent (需浏览器登录)
tr                # 只看 Transmission

2. 列出任务

tr --list           # Transmission 全部任务
tr --list seeding  # Transmission 做种任务
tr --list downloading  # Transmission 下载中

3. 添加任务 (Transmission)

tr --add "magnet:xxx"    # 通过 magnet 添加
tr --add "http://xxx"    # 通过 URL 添加

4. 暂停任务 (Transmission)

tr --pause <hash>  # 暂停 Transmission 任务

5. 恢复任务 (Transmission)

tr --resume <hash> # 恢复 Transmission 任务

6. 删除任务 (Transmission)

tr --delete <hash>          # 删除 Transmission 任务(保留文件)
tr --delete <hash> --delfiles  # 删除任务并删除文件

命令行用法

# 查看状态
python download_manager.py --all
python download_manager.py --qb        # 需要浏览器登录
python download_manager.py --tr

# 列出任务
python download_manager.py --tr --list
python download_manager.py --tr --list seeding

# 添加任务
python download_manager.py --tr --add "magnet:xxx"
python download_manager.py --tr --add "http://xxx"

# 暂停/恢复
python download_manager.py --tr --pause <hash>
python download_manager.py --tr --resume <hash>

# 删除
python download_manager.py --tr --delete <hash>
python download_manager.py --tr --delete <hash> --delfiles

qBittorrent 说明

qBittorrent 需要通过浏览器登录后操作:

  1. 打开 http://192.168.10.222:8085
  2. 登录用户名:admin / 密码:70719405
  3. 通过浏览器界面管理

Transmission 说明

Transmission 支持完整的命令行操作:

  • 添加任务
  • 暂停/恢复
  • 删除
  • 查看状态

获取任务信息

需要先通过 --list 查看任务列表,部分操作需要任务 hash。

注意事项

  • qBittorrent 建议通过 Web UI 浏览器管理
  • Transmission 支持完整 API 操作
  • 删除文件操作不可恢复

Comments

Loading comments...