baidunetdisk

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for Baidu Netdisk management, but it uses full-access session cookies and can delete cloud files without strong guardrails.

Install only if you intentionally want an agent to manage your Baidu Netdisk account. Use a test or low-risk account where possible, store BDUSS/STOKEN only as secrets or environment variables, avoid pasting them into chats or files, and manually confirm any delete, move, rename, or transfer request before allowing the skill to run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The README instructs users to extract live BDUSS and STOKEN session cookies from their browser and place them into a local config, which effectively grants full account access if those tokens are exposed. Although it briefly says the values are sensitive, it does not adequately communicate that these are active session credentials equivalent to account takeover material, nor does it provide safer handling guidance.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The skill silently loads highly sensitive Baidu Netdisk credentials from config.json or environment variables without any user disclosure or consent flow. In an agent setting, this can enable unexpected access to a user's cloud storage account and destructive actions using those credentials, especially since the skill also supports deletion and file transfer.

Missing User Warnings

Severity: High
Confidence: 98%
Finding:
The delete operation performs immediate remote deletion of arbitrary user-supplied paths with no confirmation, dry-run mode, allowlist, or warning. In an agent or automation context, a mistaken parameter, prompt injection, or unintended invocation could irreversibly delete large portions of a user's cloud files using the authenticated session.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The trigger pattern '网盘' is very generic and can match many unrelated cloud-storage requests, causing this skill to activate outside its intended Baidu Netdisk scope. Because the skill has access to the exec tool and uses sensitive credentials (BDUSS/STOKEN), unintended invocation increases the chance of credential-bearing operations being run in the wrong context.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding:
The triggers '转存' and '创建目录' are ambiguous action terms that are not uniquely tied to Baidu Netdisk, so ordinary file-management requests could route into this skill unintentionally. In this skill's context, misrouting is more dangerous because it may perform authenticated storage operations using secret tokens and an exec-backed implementation.

VirusTotal

65/65 vendors flagged this skill as clean.
