Trust Assessment
aria2 received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Arbitrary command execution via 'on-download-complete' hook, Potential exposure of aria2 RPC secret, Risk of downloading malicious content and resource exhaustion.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution via 'on-download-complete' hook The skill explicitly states it relies on a host-side script triggered by aria2's 'on-download-complete' hook, which is configured in 'aria2.conf'. This hook executes arbitrary commands on the host system upon download completion. A malicious user could provide a URL or torrent that downloads a file with a specially crafted name or content. If the 'on-download-complete' script does not properly sanitize inputs (e.g., file names, metadata from the torrent/URL), it could lead to command injection, allowing arbitrary code execution on the host system. The skill's description also mentions '自动转存到 115 网盘并删除本地文件' (auto-transfer to 115 cloud drive and delete local files), indicating broad file system and network access, which could be abused for data exfiltration or system damage if exploited. 1. **Input Sanitization**: Ensure the 'on-download-complete' script rigorously sanitizes all inputs derived from downloaded files (e.g., filenames, metadata) before using them in shell commands. Use proper quoting and avoid direct concatenation. 2. **Least Privilege**: Run the aria2 daemon and the 'on-download-complete' script with the minimum necessary privileges. 3. **Sandboxing**: Consider running aria2 and its associated scripts within a sandboxed environment (e.g., Docker, chroot) to limit potential damage from exploitation. 4. **Review Script Logic**: Thoroughly review the logic of the auto-transfer script for any vulnerabilities that could lead to unintended file transfers or deletions. | LLM | SKILL.md:60 | |
| HIGH | Potential exposure of aria2 RPC secret All example 'curl' commands for interacting with the aria2 RPC interface require an RPC secret (e.g., 'token:e603c18b871468e81ec2b2458d3356e5'). The documentation instructs users to replace '<YOUR_RPC_SECRET>' or configure it via environment variables. If the skill's actual implementation hardcodes this secret, retrieves it from an insecure location, or passes it via command-line arguments that might be logged, it could lead to credential harvesting. An attacker gaining access to this secret could fully control the aria2 daemon, including initiating downloads, pausing/resuming tasks, and potentially triggering the 'on-download-complete' hook with malicious intent. 1. **Environment Variables**: Strongly recommend using environment variables or a secure secret management system to store and retrieve the RPC secret, rather than hardcoding it or embedding it directly in commands. 2. **Secure Communication**: Ensure RPC communication is secured (e.g., using HTTPS if aria2 supports it, or restricting access to 'localhost' only). 3. **Access Control**: Implement strict access control to the aria2 RPC interface, limiting it to trusted processes or users. | LLM | SKILL.md:10 | |
| MEDIUM | Risk of downloading malicious content and resource exhaustion The skill allows users to provide arbitrary magnet links, torrent files, and HTTP/HTTPS URLs for download. This functionality, while core to the skill, introduces several risks: 1. **Malicious Content**: Users could initiate downloads of malicious executables, malware, or content designed to exploit vulnerabilities in the host system or the 'on-download-complete' script. 2. **Resource Exhaustion**: A malicious user could initiate downloads of extremely large files or a large number of files, leading to disk space exhaustion, network bandwidth consumption, or CPU overload on the host system, resulting in a denial-of-service. 3. **Data Exfiltration (indirect)**: If the downloaded content itself contains instructions or triggers vulnerabilities in the post-processing script, it could indirectly lead to data exfiltration from the host. 1. **Input Validation**: Implement strict validation and sanitization of user-provided URLs and magnet links. Consider whitelisting trusted domains or types of content if feasible. 2. **Resource Limits**: Configure aria2 with appropriate resource limits (e.g., maximum download size, maximum active downloads, bandwidth limits) to prevent denial-of-service attacks. 3. **Content Scanning**: If possible, integrate with antivirus or content scanning solutions to check downloaded files before they are processed by the 'on-download-complete' script. 4. **User Trust**: Only allow trusted users to initiate downloads, or implement a review/approval process for downloads. | LLM | SKILL.md:20 |
Scan History
Embed Code
[](https://skillshield.io/report/480c6f15d881df97)
Powered by SkillShield