aria2

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt embeds a real-looking aria2 RPC secret ("token:e603c18b871468e81ec2b2458d3356e5") directly in multiple curl/jsonrpc examples, forcing the agent to include secrets verbatim in generated commands/requests.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). Both are potentially risky: https://example.com/file.zip is a direct ZIP download from an unspecified/untrusted host (a common malware delivery vector), and http://localhost:6800/jsonrpc is a local aria2 RPC endpoint which itself doesn't host files but can be abused to make the local daemon download and process malicious content if an attacker can call it or trick the user into doing so.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill accepts and adds arbitrary magnet links, .torrent files, and HTTP URLs supplied by users (e.g., via aria2.addUri/addTorrent and quick-command triggers like "/aria2 https://...") and reads task/file metadata through aria2.tellActive/tellStatus, thereby ingesting untrusted third-party content (remote files and torrent metadata) into its workflow.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). The document contains a repeated, literal token value: "token:e603c18b871468e81ec2b2458d3356e5" embedded directly in JSON-RPC example calls. This is a high-entropy, random-looking string (not a placeholder like <YOUR_RPC_SECRET>), present in multiple code blocks (addUri, addTorrent, tellActive, tellStatus, tellWaiting, tellStopped, pause/unpause/remove, getVersion). Per the secret definition, this appears to be a real RPC secret and should be treated as a leaked credential.

Ignored items: placeholders such as <YOUR_RPC_SECRET> and descriptive names (RPC port, config path) are not flagged. There are no other high-entropy secrets or private key blocks.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 16, 2026, 01:27 AM