百度智能云VOD字幕擦除
ReviewAudited by ClawScan on May 10, 2026.
Overview
This appears to be a purpose-aligned Baidu VOD subtitle-removal tool, but users should notice that it uploads selected videos to Baidu services and uses cloud/netdisk credentials that are under-declared in the registry metadata.
Before installing, make sure you are comfortable uploading the selected videos to Baidu VOD, use limited-scope Baidu credentials where possible, confirm any batch file list or task deletion, and verify any optional bdpan/netdisk tooling is trusted and already logged into the intended account.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing/using the skill may let the agent perform Baidu VOD operations using your cloud account credentials.
The script requires Baidu VOD cloud credentials, while the registry metadata says no required env vars or primary credential. This is purpose-aligned but under-declared.
ak = os.environ.get("BAIDU_VOD_AK", "")
sk = os.environ.get("BAIDU_VOD_SK", "")Use a least-privilege Baidu credential if possible, set it only when needed, and avoid enabling debug output unless troubleshooting.
Videos you choose for processing will be sent to Baidu’s VOD service, and processed results may be downloaded or uploaded to netdisk.
Selected video files are uploaded to Baidu VOD for processing. This external provider transfer is central to the skill but can involve private media.
HOST = "vod.bj.baidubce.com" ... response = requests.put(upload_url, data=f, headers=headers, timeout=600)
Only process videos you are comfortable uploading to Baidu services, and verify the destination before using netdisk upload features.
The agent can run scripts that upload/process videos or manage tasks, but the documented workflow requires you to confirm the action first.
The skill exposes Bash-based processing and batch operations, but the instructions explicitly require user confirmation before execution.
禁止直接执行命令!必须按以下流程引导用户: ... 确认配置 → 展示参数让用户确认 ... 用户确认 → 才能执行命令
Confirm the exact file list, erase mode, output destination, and any delete operation before allowing execution.
The skill may fail or require locally installed dependencies/tools that are not fully declared in the registry.
The registry lists only python3 and no install spec, but the included scripts rely on Python packages and subprocess-driven helper functionality. This is not suspicious by itself, but the dependency contract is incomplete.
import requests import subprocess
Review the included scripts before use and ensure dependencies such as requests and any bdpan CLI are installed from trusted sources.