Baidunetdisk Skill
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill appears purpose-aligned for Baidu Netdisk file management, but it requires full-access Baidu session credentials and can perform irreversible file changes.
Install only if you trust the environment and are comfortable giving the skill full Baidu Netdisk access. Store BDUSS/STOKEN securely, avoid shared machines, verify paths before move/rename/delete, and consider using a separate Baidu account for testing.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If these credentials leak or are misused, someone could access or change files in the Baidu Netdisk account.
The skill requires Baidu session credentials with full access to the user's Netdisk account. This is disclosed and purpose-aligned, but it is high-impact credential use.
This Skill requires your Baidu Netdisk login credentials (BDUSS and STOKEN); these credentials have full access to your Netdisk account
Use a test or low-risk account if possible, prefer environment variables or protected config files, restrict file permissions, and revoke/refresh credentials when done.
A mistaken or overbroad delete path could remove cloud files from the user's Baidu Netdisk account.
The provided code can call Baidu's filemanager delete API for a user-supplied path. This matches the file-management purpose, but it is destructive.
def delete_file(self, path: str): ... url = "https://pan.baidu.com/api/filemanager" ... 'opera': 'delete' ... 'filelist': json.dumps([path])
Only invoke delete, move, or rename with explicit user intent; verify exact paths before running; consider adding an extra confirmation step for destructive operations.
Installing unpinned dependencies can make environments less reproducible and can expose users to dependency changes over time.
Setup uses manual, unpinned Python package installation. This is normal for a small API client, but it leaves dependency version/provenance control to the user.
pip install requests tqdm
Install in a virtual environment, use trusted package indexes, and pin dependency versions if deploying in a sensitive environment.
