Skillv1.0.0

ClawScan security

百度网盘 EVA · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 12, 2026, 11:59 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and README match the stated purpose (Baidu Netdisk operations) and only need two Baidu credentials, but the package metadata does not declare those required environment variables and the source/owner is unclear — this mismatch is suspicious and worth caution.
Guidance: This skill appears to implement exactly what it claims (Baidu Netdisk list/search/mkdir) and only calls pan.baidu.com, but be cautious because the package metadata does not declare the required environment variables. Before installing: (1) verify the source/owner since no homepage is provided; (2) only provide a Baidu access_token with minimal scope and expire/remove it when not needed; (3) set credentials in a secure environment (not shared/system-wide); (4) review the included scripts yourself — they are short and readable — and run in a sandbox if you are unsure; (5) ensure the runtime has python3 and the 'requests' package available. The mismatch between metadata and the README is suspicious packaging hygiene; if you need higher assurance, ask the publisher to update metadata to declare BAIDU_APP_ID and BAIDU_NETDISK_TOKEN explicitly and to provide a verified homepage or repository.

Review Dimensions

Purpose & Capability: noteThe skill name/description (Baidu Netdisk file listing/search/dir creation) align with the implementation: the Python script calls the official pan.baidu.com REST API. However, the registry metadata lists no required environment variables or primary credential while both SKILL.md and scripts/main.py require BAIDU_APP_ID and BAIDU_NETDISK_TOKEN. This is an inconsistency (likely sloppy packaging) but the credentials themselves are appropriate for the declared purpose.
Instruction Scope: okSKILL.md instructs setting two environment variables and the included script only reads those env vars and calls Baidu Netdisk endpoints (list/search/create). There are no instructions to read unrelated files, other system credentials, or to exfiltrate data to third-party endpoints outside pan.baidu.com.
Install Mechanism: noteThere is no install spec (instruction-only + bundled Python script). The runtime uses python3 and the script uses the requests library but no dependency declaration is provided; this is a packaging/runtime completeness issue rather than an obvious security problem.
Credentials: concernThe code and SKILL.md require BAIDU_APP_ID and BAIDU_NETDISK_TOKEN which are reasonable and sufficient for the stated functions. The concern is that the skill metadata did not declare these required environment variables or a primary credential, which can hide the need for sensitive tokens from users. The required env vars are sensitive (access_token) and should be clearly declared.
Persistence & Privilege: okThe skill does not request 'always: true', does not modify other skills or system-wide settings, and has no self-installing behavior. Autonomous invocation is allowed (platform default) but is not combined with other high-risk properties here.