Back to skill
Skillv1.0.0
ClawScan security
Baidudisk Mcp · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 7, 2026, 1:47 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill generally matches its stated purpose (a Baidu Netdisk MCP/stdin server) but the package metadata and runtime instructions are inconsistent and make unsafe assumptions (missing referenced registration script, undisclosed required credentials, hard-coded absolute paths), so review and fixes are needed before trusting it.
- Guidance
- This skill appears to implement a legitimate Baidu Netdisk MCP server, but there are several red flags you should address before installing: 1) The package metadata claims no credentials required, yet the server needs a Baidu access_token (via a token file or BAIDU_NETDISK_ACCESS_TOKEN); do not provide tokens until you verify the code. 2) SKILL.md references scripts/baidudisk_mcporter.sh but the bundle contains scripts/register_mcporter.sh which expects a non-included workspace script — registration may fail or run unexpected commands. 3) The instructions hard-code absolute paths (uv binary, /home/ubuntu workspace paths); inspect and adjust these to your environment before running. 4) The skill will write/modify mcporter config in your workspace and will read a token file from your home directory every tool call — ensure that path and the file permissions are acceptable. Recommended steps: review server/netdisk.py and the register script in full, run them in an isolated environment (or container), confirm or replace the registration commands with safe local equivalents, and only put a Baidu access_token into the token file after you are comfortable with the code. If you cannot verify the missing registration script or the hard-coded paths, treat this package as untrusted.
Review Dimensions
- Purpose & Capability
- concernThe code and SKILL.md implement a Baidu Netdisk MCP stdio server (netdisk.py + generated openapi client) which is coherent with the name/description. However the registry metadata claims no required environment variables or primary credential, while the runtime code and SKILL.md clearly require an access_token (via a token file or BAIDU_NETDISK_ACCESS_TOKEN). Also SKILL.md calls scripts/baidudisk_mcporter.sh but the included script is scripts/register_mcporter.sh which delegates to a non-included workspace script; the expected registration script path appears missing. These mismatches are unexpected and warrant caution.
- Instruction Scope
- noteRuntime instructions are mostly within the stated purpose (register an mcporter stdio server, read a local token JSON file on every call, and call Baidu API endpoints). But the SKILL.md uses absolute, environment-specific paths (e.g. /home/linuxbrew/.linuxbrew/bin/uv and /home/ubuntu/.openclaw/workspace/config/mcporter.json) and references a registration script that is not present in the bundle; it also instructs writing to a workspace mcporter.json which will change local tool config. Those assumptions may break or have side effects on different hosts.
- Install Mechanism
- okThere is no remote install spec (no downloads from arbitrary URLs). The repository bundles Python server code and generated OpenAPI client code; nothing in the package attempts to fetch or execute remote installers. That lowers remote-install risk, but included code will be executed locally if the user follows SKILL.md steps—so inspect the code before running.
- Credentials
- concernAlthough the skill legitimately needs a Baidu access_token (the code reads BAIDU_NETDISK_TOKEN_FILE, BAIDU_NETDISK_ACCESS_TOKEN and BAIDU_NETDISK_DEFAULT_DIR), the registry metadata declares no required env vars or primary credential. This omission is misleading. Requiring an access token for cloud operations is proportionate to purpose, but the metadata mismatch and the fact the token lives in a local home path (~/.openclaw/credentials/baidudisk.json) are things a user should explicitly acknowledge before installation.
- Persistence & Privilege
- notealways:false and default autonomous invocation are reasonable. The SKILL.md instructs registering a stdio server entry into a mcporter config file under the workspace (modifying mcporter.json) — that is expected for integrating an MCP tool but is a local configuration change that affects how mcporter will invoke commands. The registration uses hard-coded command paths which may be inappropriate for some systems.