Back to skill

Security audit

Aria2 Downloader

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate aria2 download helper, but it needs Review because it documents automatic cloud transfer and local deletion without enough safeguards and repeatedly embeds a fixed RPC token.

Review before installing. Replace the hardcoded aria2 RPC token, keep the RPC service bound to localhost or otherwise protected, and do not enable any 115 cloud upload or local-deletion hook until you have inspected that separate host script, limited it to a dedicated download directory, and accepted that completed files may be removed locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence
99% confidence
Finding
The documentation claims the RPC secret should be replaced with a placeholder or environment variable, but the example embeds a real-looking fixed token directly in the request. Hardcoded secrets in skill content can be reused by anyone with access to the skill, enabling unauthorized control of the local aria2 RPC service and any connected automation such as post-download transfer and deletion hooks.

Intent-Code Divergence

Medium
Confidence
99% confidence
Finding
Across the document, multiple command examples repeatedly expose and rely on the same fixed RPC secret despite earlier text saying to use a placeholder or environment variable. This broadens exposure and normalizes insecure operator behavior, making unauthorized task creation, status inspection, pause/remove actions, and abuse of downstream automation significantly more likely.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger condition includes generic requests to download files, which is broad enough to activate on ordinary user messages without clear confirmation. In this skill's context, activation can initiate network downloads and subsequent automated cloud transfer/deletion behavior, so overbroad triggering increases the chance of unintended or user-surprising actions.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill description states that downloads are automatically transferred to 115 cloud storage and local files are deleted afterward, but it does not present this as a prominent user warning or require explicit consent at trigger time. This can lead to unexpected data movement, privacy issues, and irreversible local data deletion, especially when users think they are requesting only a simple download.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.