skills/openclaw/skills/aria2/Gen Agent Trust Hub

aria2

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • CREDENTIALS_UNSAFE (HIGH): The file SKILL.md contains a hardcoded RPC token e603c18b871468e81ec2b2458d3356e5 across multiple example commands. While the text suggests replacing it, the inclusion of a specific hex string is a security risk.
  • COMMAND_EXECUTION (HIGH): The skill instructs the agent to execute shell commands (curl, jq, base64) using variables derived directly from user input (URLs, GIDs, and file paths).
      • Evidence: curl -s http://localhost:6800/jsonrpc ... -d '...,"params":["token:...",["<URL>"]]}' in SKILL.md.
      • Risk: If the agent does not properly sanitize <URL> or <GID>, an attacker could perform command injection to execute arbitrary code on the host.
  • PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8) because it processes untrusted external content and uses it in execution contexts.
      • Ingestion points: User-provided magnet links, HTTP URLs, and torrent files are processed by the agent.
      • Boundary markers: Absent. There are no delimiters or instructions telling the agent to treat the input as data only.
      • Capability inventory: The skill uses curl to interact with a local daemon, base64 for encoding, and jq for parsing. This provides a direct path from untrusted input to system operations.
      • Sanitization: Absent. No evidence of validation for URLs or file paths.
  • DATA_EXFILTRATION (MEDIUM): While targeting localhost, the use of curl to send data from local files (like torrents) to a network service constitutes a data movement risk, especially when combined with hardcoded tokens.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 07:18 AM