Is azzgo/aria2-json-rpc safe?

https://github.com/openclaw/skills/tree/main/skills/azzgo/aria2-json-rpc

73
CAUTION

This aria2 download management skill appears functionally legitimate but exhibits concerning behavior by accessing sensitive credential files during installation. While no data exfiltration occurred, unauthorized credential access represents a significant security violation that warrants caution.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 30/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 70/100 · 10%
Behavioral Reasoning 60/100 · 5%

Findings (3)

HIGH Unauthorized access to sensitive credential files -70

During installation, the skill accessed multiple sensitive credential files including .env, SSH private keys, AWS credentials, NPM registry tokens, Docker configuration, and Google Cloud credentials. While these files were not modified or exfiltrated according to canary integrity checks, unauthorized access to credential files represents a significant security violation.

MEDIUM Executable Python scripts in skill -15

The skill contains multiple executable Python scripts that will be executed by the AI agent, including RPC clients, configuration loaders, and example scripts. While the code appears legitimate for aria2 functionality, executable code always presents some security risk.

LOW External network connections during installation -5

The skill made network connections to external hosts beyond GitHub during installation, including connections to IP addresses 185.125.188.59 and 185.125.190.17 on port 443.