Baidunetdisk Skill

Security checks across malware telemetry and agentic risk

Overview

This Baidu Netdisk skill appears purpose-aligned, but it handles full-account session tokens and can perform destructive cloud-storage actions without strong safety controls.

Install only if you intentionally want an agent to operate your Baidu Netdisk account. Treat BDUSS/STOKEN as full account session secrets, avoid storing them casually, and require explicit confirmation before any transfer, create, or delete request. Be especially careful with delete commands because the reported implementation does not provide a built-in confirmation step.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 94%
Finding
The README instructs users to extract and supply highly sensitive BDUSS/STOKEN session tokens, which grant authenticated access to the user's Baidu Netdisk account, but it does not clearly state that the skill will use those tokens to make authenticated remote API calls against account-scoped data. In an agent/skill context, this is dangerous because users may treat the configuration as routine setup without fully understanding that the skill can read cloud file metadata and act with their account privileges if compromised or misused.

Missing User Warnings

Medium
Confidence: 89%
Finding
The README advertises one-click transfer of shared files into the user's Netdisk but does not prominently warn that this is a write operation that modifies the user's cloud storage. In an agent-driven environment, unclear disclosure of state-changing actions increases the risk of unintended writes, storage pollution, or saving untrusted/shared content into the user's account without adequately informed consent.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill exposes a delete operation for remote files/directories and performs it immediately based on command-line parameters, with no confirmation prompt, dry-run mode, allowlist, or safety interlock. In an agent setting, this increases the chance of accidental or prompt-induced destructive actions against a user's cloud storage, especially because the operation uses already-available authenticated credentials.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger list contains broad terms such as “网盘”, “转存”, and “创建目录” that can appear in ordinary user requests unrelated to this specific skill. Because the skill has access to an exec-capable tool and handles sensitive Baidu Netdisk credentials, accidental activation could lead to unintended file operations or disclosure/manipulation of cloud-storage data.

VirusTotal

66/66 vendors flagged this skill as clean.
