← 返回 Skills 市场
killgfat

Aria2 Rpc

作者 KGTAF · GitHub ↗ · v0.1.2
cross-platform ⚠ suspicious
420
总下载
0
收藏
2
当前安装
4
版本数
在 OpenClaw 中安装
/install aria2-rpc
功能描述
Remote control for aria2 download service via JSON-RPC 2.0. Supports adding downloads (HTTP/FTP/Torrent/Magnet), querying task status, pausing/resuming, and...
使用说明 (SKILL.md)

aria2-rpc Skill

通过 JSON-RPC 2.0 协议远程控制 aria2 下载服务。

功能

  • 添加 HTTP/FTP/Magnet/Torrent 下载
  • 查询任务状态、暂停/继续/删除任务
  • 获取全局统计和配置
  • 支持远程 aria2 实例和 RPC 认证

安装

# 安装依赖
pip3 install requests

# 配置 aria2(启用 RPC)
aria2c --enable-rpc --rpc-listen-all=true --rpc-secret=mytoken -D

快速开始

# 添加下载
python3 /root/.openclaw/workspace/skills/aria2-rpc/scripts/aria2_rpc.py add-uri "http://example.com/file.zip" --rpc-secret mytoken

# 查看进度
python3 scripts/aria2_rpc.py tell-active --rpc-secret mytoken

环境变量

export ARIA2_RPC_URL="http://localhost:6800/jsonrpc"
export ARIA2_RPC_SECRET="your-secret-token"

脚本路径

  • 主脚本: /root/.openclaw/workspace/skills/aria2-rpc/scripts/aria2_rpc.py

详细文档

安全使用建议
This skill appears to be a straightforward aria2 JSON-RPC client and is internally consistent. Before installing, check these small issues: (1) the metadata lists curl as a required binary even though the Python client uses requests — curl is not necessary; (2) the docs show running aria2c to enable RPC but aria2c is not declared as a required binary — if you plan to control a local aria2 instance you must have aria2/aria2c available; (3) be careful which RPC URL and secret you supply — the script will send commands (and in the case of add-torrent/add-metalink will read local files you point it at and encode/send them) to whatever RPC endpoint is configured; ensure that endpoint is trusted; (4) review scripts/aria2_rpc.py yourself if you need higher assurance. If you only intend to control a local aria2 instance, use defaults and keep ARIA2_RPC_SECRET private.
功能分析
Type: OpenClaw Skill Name: aria2-rpc Version: 0.1.2 The skill is designed to remotely control an aria2 download service via JSON-RPC, which inherently involves network and file system interactions. While its core functionality is legitimate, the `scripts/aria2_rpc.py` script exposes several capabilities that could be abused if an attacker can control the inputs (e.g., via prompt injection against the OpenClaw agent). These include: 1) Local File Read (LFR) vulnerability: The `add_torrent` and `add_metalink` methods read local files (e.g., `torrent_path`) and send their base64-encoded content to the aria2 RPC server. An attacker could potentially trick the agent into providing a path to a sensitive file, leading to its exfiltration to the aria2 server. 2) Local File Write (LFW) / Configuration Manipulation vulnerability: The `add-uri` command allows specifying `--dir` and `--out` options, and `set-global-option`/`set-option` allow setting arbitrary aria2 configuration keys (e.g., `dir`, `save-session`, `user-agent`, `all-proxy`). This could be exploited to write files to arbitrary locations on the aria2 server's filesystem or manipulate its behavior. 3) Arbitrary Network Requests: The `rpc-url` can be controlled by environment variables or command-line arguments, allowing the script to make requests to arbitrary internal or external endpoints. The `SKILL.md` also grants broad `Bash(aria2:*)` permissions, further increasing the attack surface. These are significant vulnerabilities, but the code does not show clear evidence of intentional malicious behavior (e.g., exfiltrating data to an unauthorized third party, installing backdoors).
能力评估
Purpose & Capability
The name/description (aria2 RPC client) align with the included Python client and docs. The metadata lists required binaries as curl and python3; the shipped client uses python3+requests (no use of curl in the code), and the docs mention running aria2c to enable RPC but aria2/aria2c is not listed as a required binary — this is a small inconsistency in metadata vs. instructions, not a functional mismatch.
Instruction Scope
SKILL.md instructs the agent/user to install requests, enable aria2 RPC, set ARIA2_RPC_URL/ARIA2_RPC_SECRET, and run the provided script. The runtime instructions and script operate on aria2 RPC endpoints and only read local files when explicitly asked (e.g., reading a .torrent/.metalink file supplied by the user). There are no instructions to read arbitrary system files, exfiltrate data to unexpected endpoints, or perform actions outside the aria2 domain.
Install Mechanism
This is an instruction-only skill (no installer). The only runtime dependency is the requests Python package (installable via pip); no external downloads or archive extraction are performed by the skill itself.
Credentials
No credentials are required by the registry metadata. The skill accepts optional ARIA2_RPC_URL and ARIA2_RPC_SECRET environment variables as expected for an RPC client. It does not request unrelated secrets or multiple unrelated environment variables.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent/always-on privilege or attempt to modify other skills or global agent configuration. File paths referenced are the skill's own script location or user-supplied files.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install aria2-rpc
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /aria2-rpc 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.2
v0.1.2: Cleaned up test files and README.md for cleaner distribution
v0.1.1
- Removed README.md to streamline documentation. - Removed scripts/test_installation.py to clean up testing files. - No functional or interface changes in this version.
v0.1.0
Initial release. - Remote control for aria2 download service via JSON-RPC 2.0. - Supports adding downloads (HTTP/FTP/Torrent/Magnet), querying task status, pausing/resuming, and removing tasks. - Compatible with both local and remote aria2 instances. - Includes documentation for setup, usage examples, and configuration. - Requires curl, python3, and the requests Python package.
v0.0.2
v0.0.2: Restructured documentation - moved detailed docs to references/, refined SKILL.md, added API_REFERENCE.md and USAGE.md
元数据
Slug aria2-rpc
版本 0.1.2
许可证
累计安装 2
当前安装数 2
历史版本数 4
常见问题

Aria2 Rpc 是什么?

Remote control for aria2 download service via JSON-RPC 2.0. Supports adding downloads (HTTP/FTP/Torrent/Magnet), querying task status, pausing/resuming, and... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 420 次。

如何安装 Aria2 Rpc?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install aria2-rpc」即可一键安装,无需额外配置。

Aria2 Rpc 是免费的吗?

是的,Aria2 Rpc 完全免费(开源免费),可自由下载、安装和使用。

Aria2 Rpc 支持哪些平台?

Aria2 Rpc 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Aria2 Rpc?

由 KGTAF(@killgfat)开发并维护,当前版本 v0.1.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论