Aria2 Download
Warn. Audited by ClawScan on May 18, 2026.
Overview
The skill mostly matches its Aria2 download purpose, but its setup examples expose a powerful RPC service and its script handles RPC responses in a way that can lead to local code execution if crafted data is returned.
Install only if you understand and control the Aria2 RPC server. Prefer localhost binding, set a strong secret, restrict network access, and avoid using remote or untrusted RPC endpoints until the script parses JSON responses as data rather than embedding them into node -e code.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or compromised Aria2 RPC endpoint could cause commands to run on the user's machine when the script's progress or wait functions parse its response.
The script places the raw RPC response directly inside JavaScript source passed to node -e. If the configured RPC endpoint or returned data is crafted, this can break out of the string context or otherwise execute unintended local JavaScript.
RESPONSE=$(curl -s -X POST "$RPC_URL" ...)
...
node -e "
const r = JSON.parse('$RESPONSE');

Do not embed RPC responses into code strings. Pipe the response to node via stdin or a file, parse it as data, and reject unexpected response shapes.
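The following is an added example, not code from the Aria2 Download skill or from ClawScan. It reproduces the pattern the finding describes (response text spliced into the JavaScript handed to node -e), runs the assembled source the way node -e would, and places next to it a parser that receives the response as data and rejects anything that is not the aria2.tellStatus reply it asked for. The two response strings are constructed for the example; the gid, status and byte-count fields follow aria2's documented tellStatus result, while the function names and the breakout marker are this example's own.

```javascript
// Added example, not code from the Aria2 Download skill. Contrasts the
// audited pattern (response interpolated into `node -e` source) with parsing
// the same response as data. Responses below are constructed for the example;
// field names follow aria2.tellStatus (gid, status, completedLength, totalLength).

// Reproduces the audited pattern: the shell expands $RESPONSE inside the
// double-quoted JavaScript, so whatever the endpoint returned becomes program text.
function buildEmbeddedSource(responseText) {
  return "const r = JSON.parse('" + responseText + "');\n" +
         "globalThis.observedStatus = r.result && r.result.status;";
}

// Runs the assembled source as `node -e` would. `injectedMarker` only
// becomes true if part of the response text executed as code.
function runEmbedded(responseText) {
  globalThis.observedStatus = undefined;
  globalThis.injectedMarker = false;
  new Function(buildEmbeddedSource(responseText))();
  return { status: globalThis.observedStatus, injected: globalThis.injectedMarker };
}

// Hardened replacement: the response arrives as data (stdin or a file), is
// parsed exactly once, and is rejected unless it has the requested shape.
const STATUS_VALUES = new Set(['active', 'waiting', 'paused', 'error', 'complete', 'removed']);

function parseTellStatusResponse(responseText, expectedId) {
  let msg;
  try {
    msg = JSON.parse(responseText);
  } catch (e) {
    throw new Error('RPC response is not valid JSON');
  }
  if (msg === null || typeof msg !== 'object' || Array.isArray(msg)) {
    throw new Error('RPC response is not a JSON object');
  }
  if (msg.jsonrpc !== '2.0' || msg.id !== expectedId) {
    throw new Error('RPC response does not match the request (jsonrpc/id)');
  }
  if (msg.error !== undefined) {
    // aria2 reports failures as {code, message}; surface the code, do not interpret the text.
    const code = msg.error && msg.error.code;
    return { ok: false, errorCode: typeof code === 'number' ? code : null };
  }
  const res = msg.result;
  if (res === null || typeof res !== 'object' || Array.isArray(res)) {
    throw new Error('RPC result is not an object');
  }
  if (typeof res.gid !== 'string' || !/^[0-9a-fA-F]{16}$/.test(res.gid)) {
    throw new Error('RPC result has no valid gid');
  }
  if (!STATUS_VALUES.has(res.status)) {
    throw new Error('RPC result has an unexpected status: ' + String(res.status));
  }
  // aria2 returns byte counts as decimal strings; accept digits only.
  const toBytes = (v) => (typeof v === 'string' && /^\d+$/.test(v) ? Number(v) : null);
  return {
    ok: true,
    gid: res.gid,
    status: res.status,
    completedLength: toBytes(res.completedLength),
    totalLength: toBytes(res.totalLength),
  };
}

// Constructed responses: a well-formed tellStatus reply, and one that is
// harmless as data but changes the program once pasted into source text.
const GOOD_RESPONSE = JSON.stringify({
  jsonrpc: '2.0', id: 'status-1',
  result: { gid: '2089b05ecca3d829', status: 'active', completedLength: '1024', totalLength: '4096' },
});
const CRAFTED_RESPONSE = "{}'); globalThis.injectedMarker = true; ('";

// Entry point for the hardened flow: `curl -s ... | node parse.js --stdin <request-id>`
if (process.argv[2] === '--stdin') {
  const text = require('fs').readFileSync(0, 'utf8');
  console.log(JSON.stringify(parseTellStatusResponse(text, process.argv[3])));
}
```

With the well-formed reply both paths report status "active"; with the crafted reply the embedded path runs the injected statement while parseTellStatusResponse throws on the first byte that is not JSON. Matching the response id to the request id also stops a stale or unrelated reply from being treated as the status of the download being waited on.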
If these examples are followed on a network-reachable machine, other hosts on the network can reach the Aria2 control service, and can control it if the sample secret is reused.
The setup examples publish the Aria2 RPC port and enable listening on all interfaces, while using a weak fixed example secret. Aria2 RPC is a control interface that can add downloads and write into the configured download directory.
docker run -d --name aria2 \
  -p 6800:6800 \
  ...
  -e ARIA2_SECRET=88888888 \
  ...

aria2c --enable-rpc --rpc-listen-all=true --rpc-secret=88888888
Bind Aria2 RPC to localhost unless remote access is required (leave --rpc-listen-all at its default of false, and publish the container port as 127.0.0.1:6800:6800 rather than 6800:6800), use firewall rules or VPN access for any remote case, and require a strong unique secret rather than the sample value.
Anyone who obtains the secret may be able to control the Aria2 instance within its configured permissions.
The script uses the ARIA2_SECRET environment variable as an Aria2 RPC credential and sends it to the configured RPC URL. This is expected for Aria2 RPC authentication, but it is still privileged access to the download service.
SECRET="${ARIA2_SECRET:-}"
...
"params":["token:${SECRET}",

Use a strong secret, keep it out of logs and shared shell history, and avoid sending it over untrusted networks or plain HTTP outside localhost.
The skill may fail or behave differently depending on which local tools are installed.
The script depends on local binaries such as curl and node, while the registry requirements declare no required binaries and there is no install spec. This is not malicious by itself, but it makes runtime requirements less transparent.
RESPONSE=$(curl -s -X POST "$RPC_URL" ...)
...
node -e "
Declare required runtime binaries and versions in metadata or installation instructions.
