Skill v0.1.2
ClawScan security
Aria2 Rpc · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 3, 2026, 11:50 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files and instructions match its stated purpose (remote control of aria2 via JSON-RPC); minor documentation/metadata inconsistencies are present but there is no evidence of hidden or unrelated behavior.
- Guidance: This skill appears to be a straightforward aria2 JSON-RPC client and is internally consistent. Before installing, check these small issues: (1) the metadata lists curl as a required binary even though the Python client uses requests — curl is not necessary; (2) the docs show running aria2c to enable RPC but aria2c is not declared as a required binary — if you plan to control a local aria2 instance you must have aria2/aria2c available; (3) be careful which RPC URL and secret you supply — the script will send commands (and in the case of add-torrent/add-metalink will read local files you point it at and encode/send them) to whatever RPC endpoint is configured; ensure that endpoint is trusted; (4) review scripts/aria2_rpc.py yourself if you need higher assurance. If you only intend to control a local aria2 instance, use defaults and keep ARIA2_RPC_SECRET private.
Review Dimensions
- Purpose & Capability (note): The name/description (aria2 RPC client) align with the included Python client and docs. The metadata lists required binaries as curl and python3; the shipped client uses python3+requests (no use of curl in the code), and the docs mention running aria2c to enable RPC but aria2/aria2c is not listed as a required binary — this is a small inconsistency in metadata vs. instructions, not a functional mismatch.
- Instruction Scope (ok): SKILL.md instructs the agent/user to install requests, enable aria2 RPC, set ARIA2_RPC_URL/ARIA2_RPC_SECRET, and run the provided script. The runtime instructions and script operate on aria2 RPC endpoints and only read local files when explicitly asked (e.g., reading a .torrent/.metalink file supplied by the user). There are no instructions to read arbitrary system files, exfiltrate data to unexpected endpoints, or perform actions outside the aria2 domain.
- Install Mechanism (ok): This is an instruction-only skill (no installer). The only runtime dependency is the requests Python package (installable via pip); no external downloads or archive extraction are performed by the skill itself.
- Credentials (ok): No credentials are required by the registry metadata. The skill accepts optional ARIA2_RPC_URL and ARIA2_RPC_SECRET environment variables as expected for an RPC client. It does not request unrelated secrets or multiple unrelated environment variables.
- Persistence & Privilege (ok): always is false and the skill is user-invocable; it does not request persistent/always-on privilege or attempt to modify other skills or global agent configuration. File paths referenced are the skill's own script location or user-supplied files.
