Aria2 Download
Security checks across malware telemetry and agentic risk
Overview
The skill matches its Aria2 download purpose, but its script and setup guidance create review-worthy safety risks around RPC exposure and parsing remote responses as executable code input.
Install only if you control the Aria2 RPC server. Keep RPC bound to localhost unless remote access is intentionally protected, use a strong unique secret, avoid plain HTTP to remote RPC endpoints, and treat progress/watch commands as unsafe with untrusted or compromised Aria2 servers until response parsing is changed to handle JSON strictly as data.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.