← Back to Scanner

aria2-json-rpc Security Audit Report

🔭 Continuously monitored by ClawSecure Watchtower
Source:
SHA-256:

aria2-json-rpc is an AI agent skill, created by azzgo and published at openclaw/skills. ClawSecure audited aria2-json-rpc across 18 files through the 3-Layer Audit Protocol covering all ten OWASP ASI Top 10 categories, assigning a security score of 0/100 (High Risk). The 9 findings concentrate in Data Exfiltration, Command Injection and Unauthorized Tool Use, including Pattern detected: base64.b64encode and Pattern detected: base64.b64encode. 5 were rated high or critical severity.

Is aria2-json-rpc safe?

ClawSecure audited aria2-json-rpc and assigned a security score of 0/100 (High Risk), identifying 9 findings across Data Exfiltration and Command Injection. Review the findings below before installing.

What did ClawSecure find in aria2-json-rpc?

ClawSecure identified 9 findings in aria2-json-rpc, concentrated in Data Exfiltration, Command Injection and Unauthorized Tool Use. 5 were rated high or critical severity. The most severe include Pattern detected: base64.b64encode and Pattern detected: base64.b64encode.

How was aria2-json-rpc audited?

ClawSecure ran aria2-json-rpc through its 3-Layer Audit Protocol with full OWASP ASI Top 10 coverage, scanning 18 files from openclaw/skills.

What does a score of 0 mean?

ClawSecure assigned aria2-json-rpc a security score of 0/100, placing it in the High Risk range. This is driven by 9 findings led by Data Exfiltration that should be addressed before use. ClawSecure derives this score with a weighted deduction model (critical -20, high -10, medium -5, low -2 from a base of 100).

Audit Findings for aria2-json-rpc

ClawSecure detected 9 security findings in aria2-json-rpc, spanning Data Exfiltration, Command Injection, Unauthorized Tool Use and Permissions Manifest.

Each finding is expandable in the interactive list below.

3-Layer Audit Protocol

Security Recommendations for aria2-json-rpc

Audit external network connections
aria2-json-rpc sends data to external endpoints. Confirm each destination is expected and authorized, and remove any callback that exfiltrates data. ClawSecure monitors for known exfiltration and C2 endpoints.
Harden command execution
aria2-json-rpc constructs or runs system commands. Validate that commands are built only from trusted inputs, never pass user-controlled strings directly to a shell, and restrict execution to an allow-list of expected commands.
Add a config.json permissions manifest
A config.json file declares what an agent component can access: file system, network, shell execution and more. Without it, users have no visibility into what the component can do before installing. This is the single most impactful security improvement for any AI agent skill.

Related Security Research

ClawHavoc Explained: The Malware Family Targeting AI AgentsBeyond Static Scans: Why ClawSecure Verifies Agentic Intent

Related AI Agent Security Audits

memory-lancedb-proScore 0/100ai-persona-osScore 0/100ai-persona-osScore 0/100ai-persona-osScore 0/100cognitive-memoryScore 0/100

Scanned on February 7, 2026. aria2-json-rpc is one of thousands of agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.

Start Your Free Scan