Skill v0.1.2

VirusTotal security

Aria2 Rpc · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious
Apr 30, 2026, 4:58 AM
Hash
ae48a231e37cc2dd9ea13dbaae22f7b316179ec9dd1a072a6d04adff198d1d5b
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: aria2-rpc
Version: 0.1.2

The skill is designed to remotely control an aria2 download service via JSON-RPC, which inherently involves network and file system interactions. While its core functionality is legitimate, the `scripts/aria2_rpc.py` script exposes several capabilities that could be abused if an attacker can control the inputs (e.g., via prompt injection against the OpenClaw agent). These include:

1) Local File Read (LFR) vulnerability: The `add_torrent` and `add_metalink` methods read local files (e.g., `torrent_path`) and send their base64-encoded content to the aria2 RPC server. An attacker could potentially trick the agent into providing a path to a sensitive file, leading to its exfiltration to the aria2 server.

2) Local File Write (LFW) / Configuration Manipulation vulnerability: The `add-uri` command allows specifying `--dir` and `--out` options, and `set-global-option`/`set-option` allow setting arbitrary aria2 configuration keys (e.g., `dir`, `save-session`, `user-agent`, `all-proxy`). This could be exploited to write files to arbitrary locations on the aria2 server's filesystem or manipulate its behavior.

3) Arbitrary Network Requests: The `rpc-url` can be controlled by environment variables or command-line arguments, allowing the script to make requests to arbitrary internal or external endpoints.

The `SKILL.md` also grants broad `Bash(aria2:*)` permissions, further increasing the attack surface. These are significant vulnerabilities, but the code does not show clear evidence of intentional malicious behavior (e.g., exfiltrating data to an unauthorized third party, installing backdoors).