Baidu Drive

Security checks across malware telemetry and agentic risk

Overview

This Baidu Drive skill performs the cloud file management it discloses, but it also carries login, install, update, and uninstall powers that users should exercise deliberately.

Install only if you trust the Baidu CLI source and are comfortable granting this skill access to your Baidu Drive account. Review paths before uploads, downloads, transfers, and shares; treat share links as externally accessible; avoid using this on public machines; and log out or uninstall when you no longer want local credentials retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Tp4

High
Category
MCP Tool Poisoning
Confidence
85% confidence
Finding
The manifest describes a file-management skill, but the content also authorizes installation, update, login/logout, and uninstall flows, including downloading and executing installer/update scripts from a remote CDN. That broadens the trust boundary and permits code execution and lifecycle management behaviors users may not expect from a simple storage skill, increasing supply-chain and unintended-action risk.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The documented behavior exceeds the manifest description by including installation, authentication management, updates, and uninstall actions. This kind of scope expansion is dangerous because users and policy layers may approve the skill for low-risk file handling while it can also perform higher-risk system and account-management actions.

Context-Inappropriate Capability

Medium
Confidence
82% confidence
Finding
Embedding software install, update, and uninstall capabilities inside a file-management skill unnecessarily expands its authority and attack surface. In context, these actions are more dangerous because they enable remote code retrieval/execution and local state modification beyond ordinary Baidu Drive file operations.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The documentation exposes an uninstall capability that deletes local binaries and configuration, which exceeds the skill's declared Baidu Drive file-management scope. In an agent setting, out-of-scope destructive maintenance commands increase risk because a model could invoke them under ambiguous user requests and cause local denial of service or credential loss.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The documented self-update mechanism fetches remote content, unpacks it, and overwrites local skill files, which is beyond the stated cloud file-management purpose. Even with optional checksum support, a remote update path materially expands the attack surface through supply-chain and unintended code-modification risks.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
This section explicitly describes downloading a zip from a remote endpoint and extracting it over the local skill, which is a software update action unrelated to normal Baidu Drive file operations. In an agent-executed environment, that creates supply-chain and integrity risks because remote content can change behavior after initial review.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The examples normalize upload, share, and download operations without showing any user-facing confirmation about exposing files via public share links or writing data to the local filesystem. In an agent skill, users may follow these examples directly, increasing the risk of accidental data disclosure or unintended local file modification when handling sensitive files.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The transfer examples save third-party shared content into the user's cloud storage without any warning that this imports external data into their account. This can cause users to unknowingly store untrusted, inappropriate, or quota-consuming content, and obscures the side effect of persisting externally sourced files.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
```bash
# 3. Clean up the log after the download completes
rm -f /tmp/bdpan-dl-<PID>.log
```

Behavioral guidelines for the agent when running large-file background downloads:
Confidence
78% confidence
Finding
rm -f /tmp/

VirusTotal

62/62 vendors flagged this skill as clean.
