Avoid building new monolithic plugins. Instead, build standalone services that communicate via client REST/RPC APIs. If UI integration is required, target Deluge's Python plugin system or contribute WebUI modules via qBittorrent's alternatives system.
Arbitrary Python code execution. Any installed plugin has full filesystem access and network privileges of the daemon user. 3.2 qBittorrent Search Plugins (Python 3) qBittorrent replaced internal plugins with search engine plugins – Python modules implementing a specific interface: plugins torrents
Systems Architecture Team Next review: Q2 2025 Avoid building new monolithic plugins
As of 2024, no major torrent client implements full plugin sandboxing (e.g., Wasm capabilities or seccomp). Treat any third-party plugin as a potential remote code execution vector. Appendix A: Sample Deluge plugin skeleton (available on request) Appendix B: Comparison of RPC API response times (DelugeRPC vs qBittorrent REST) Appendix C: Docker security profiles for torrent clients with plugins Arbitrary Python code execution