ClawHub

Aria2 Downloader

Security checks across malware telemetry and agentic risk

Overview

This is a real aria2 download skill, but it needs Review because it advertises automatic cloud transfer and local deletion through an unspecified host hook and includes a concrete RPC token in its examples.

Review before installing. Replace the hardcoded aria2 RPC token, keep the RPC service bound to localhost or otherwise protected, and do not enable any 115 upload or local-deletion hook until you have inspected that separate script, limited it to a dedicated download directory, and accepted that completed files may be removed locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The manifest promises automatic transfer to 115 cloud and deletion of local files, but the skill only documents aria2 RPC usage and defers those actions to an unspecified host-side script. This creates a dangerous mismatch: users or agents may rely on data-moving and destructive behavior that is neither implemented nor described with sufficient safeguards, making unintended data loss or exfiltration more likely when external automation is later attached.

Intent-Code Divergence

Medium
Confidence
99% confidence
Finding
The documentation says to substitute a placeholder secret, but the examples expose a concrete RPC token value directly in the command payloads. Hardcoding an authentication secret in a distributable skill can leak privileged access to the aria2 RPC service, enabling unauthorized download control, task inspection, and abuse of the host as a downloader.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill description advertises automatic cloud transfer and local file deletion without clearly warning the user that files may be moved off-host and then removed. Data-impacting automation is risky in this context because the skill is triggered by download requests, so users may not realize that using it can cause irreversible deletion or third-party transfer.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The invocation scope is broad enough to trigger on generic requests to download files, not just clearly scoped aria2 administration commands. In an agent setting, overly broad activation increases the chance of unintended network retrieval of untrusted content, which can cascade into storage abuse, legal/compliance issues, or follow-on automation such as transfer/deletion.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal