Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Baidu Netdisk Resource Saver
v1.0.0
Search for resources using Bing/Baidu, find Baidu Netdisk (百度网盘) share links, and save/transfer them to your netdisk. Use when the user wants to (1) Search f...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description (search web, find pan.baidu.com share links, and save them to Baidu Netdisk) align with the SKILL.md workflow. However, the SKILL.md repeatedly relies on two runtime tools — a 'bdpan' CLI and a 'browser' automation interface — yet the skill metadata lists no required binaries or dependencies. That omission is an inconsistency: a legitimate implementation would declare those as required.
Instruction Scope
The instructions stay within the stated purpose: they describe search queries, extraction of share links and passwords, verifying shares, and saving/transferring via CLI or browser automation. The instructions do not ask the agent to read unrelated local files or environment variables. They do assume the agent can perform web searches and automated browser actions and that a logged-in bdpan session may exist.
Install Mechanism
There is no install spec (instruction-only), which is low-risk. The included packaging script is benign and only packages directories into a zip; it does not perform network calls or privilege escalation.
Credentials
The skill declares no required environment variables or credentials, which fits the metadata. However, it implicitly depends on authenticated sessions (bdpan CLI or browser login) — the SKILL.md suggests the user must provide or already have authentication. That implicit dependence on credentials should be made explicit in metadata so users know what secrets/sessions are needed.
Persistence & Privilege
The skill does not request persistent/always-enabled privileges and uses default autonomous invocation settings. It doesn't attempt to modify other skills or system-wide settings in the provided files.
What to consider before installing
Before installing:
1) Confirm you (or your environment) have the bdpan CLI and the 'browser' automation tool the skill references — the skill does not declare these dependencies but will expect them at runtime.
2) Do not supply account credentials to the skill; instead authenticate manually in the browser or bdpan session as the SKILL.md suggests.
3) Be aware this automates finding and copying shared links; ensure you are not facilitating infringement and that saving the found content complies with your policies.
4) Because the skill interacts with external websites, test it in a controlled/sandboxed environment first.
5) If you plan to use it, ask the publisher to update metadata to declare required binaries/dependencies and to document exactly how authentication is handled.
Like a lobster shell, security has layers — review code before you run it.