baidunetdisk

Review

Audited by ClawScan on May 10, 2026.

Overview

This appears to be a real Baidu Netdisk management skill, but it requires full-access session credentials and exposes direct cloud-file mutation and deletion commands without clear confirmation safeguards.

Install only if you are comfortable giving the skill full Baidu Netdisk account access. Use a dedicated or test account where possible, protect the BDUSS/STOKEN values, and require explicit confirmation before any transfer, rename, move, or delete operation.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (Medium Confidence)
ASI02: Tool Misuse and Exploitation
What this means

If the agent or user invokes the wrong command or path, files in the Baidu Netdisk account could be deleted or changed.

Why it was flagged

The skill exposes a direct delete operation for user-supplied Baidu Netdisk paths and also states that deletion is unrecoverable, but the artifacts do not document a required confirmation or approval guard before this high-impact action.

Skill content
python scripts/main.py delete path=/要删除的路径
Recommendation

Use this only with explicit user approval for rename, move, transfer, mkdir, and especially delete operations; prefer a test account or limit usage to non-critical files.

What this means

Anyone who obtains these credentials may be able to access or modify the user's Baidu Netdisk account.

Why it was flagged

The skill requires Baidu session credentials with full account access. This is disclosed and aligned with the Baidu Netdisk purpose, but it is a sensitive privilege boundary.

Skill content
This Skill requires your Baidu Netdisk login credentials (BDUSS and STOKEN); these credentials grant full access to your Netdisk account.
Recommendation

Store credentials only in a trusted environment, prefer environment variables or a dedicated/test account, restrict file permissions on config.json, and rotate credentials if exposure is suspected.

What this means

Users have less registry-level assurance about where the skill came from or exactly how dependencies should be installed.

Why it was flagged

The registry-level provenance and install metadata are incomplete, while the documentation still asks users to install Python dependencies manually. No hidden installer or malicious dependency behavior is shown.

Skill content
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Recommendation

Verify the skill source before use and install dependencies from a trusted Python package index in an isolated environment if possible.