Aria2 Downloader

What to consider before installing: - The skill's description promises automatic upload to 115网盘 and deletion of local files, but the instructions only show aria2 JSON-RPC calls and say you must provide a host-side on-download-complete script. Installing this skill alone will not perform the 115 upload — you must supply and secure that script and any 115 credentials yourself. - The SKILL.md contains a repeated literal RPC token string (token:e603c18b871468e81ec2b2458d3356e5) in examples but the skill metadata does not declare any required env vars. Treat that token as sensitive: verify whether it's a placeholder or a real secret before using it. Do not expose real credentials in skill text. - The skill's runtime actions (curl to localhost, reading/encoding a local .torrent) require access to local files/aria2 RPC. Only enable this skill if your aria2 instance is intentionally exposed on localhost, protected by a strong secret, and you trust the environment that will run on-download hooks. - If you plan to enable automatic upload to 115, require and configure explicit environment variables for 115 credentials (do not hard-code them in SKILL.md), and review the host-side script that performs the transfer — ensure it safely handles credentials and removes files only after successful transfer. - Legal/privacy: downloading magnet/torrent content can involve copyrighted content. Ensure users and the host comply with local law and acceptable use policies. - Because the metadata and instructions are inconsistent, ask the maintainer (or inspect the host-side scripts) for clarification about: 1) whether the embedded token is a real secret or placeholder, 2) exactly how 115 uploads are implemented and where to store credentials, and 3) expected file paths/permissions for the on-download hook. Given these inconsistencies, treat this skill as suspicious until the missing pieces (115 upload flow and credential handling) are clarified and secrets are removed from documentation.