Baidu Netdisk Skill

Security checks across malware telemetry and agentic risk

Overview

This Baidu Netdisk skill is mostly purpose-aligned, but it needs Review because it handles long-lived cloud-storage credentials and remote file writes while overstating or under-disclosing key security details.

Install only if you are comfortable granting this skill access to read and write your Baidu Netdisk. Prefer the OAuth flow or environment variables over command-line secrets, set a unique ENCRYPTION_KEY before use, avoid running the local test script in shared logs, and review upload targets carefully because remote files may be overwritten.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The manifest claims tokens are locally encrypted, but the configuration explicitly allows a default built-in encryption key. A built-in/shared key does not provide meaningful per-user secret protection because anyone with the package or source can derive the same key and decrypt stored OAuth tokens.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The script reads a credential-bearing config file from the user's home directory and prints portions of API key, secret, access token, and refresh token to stdout. Even though values are truncated, exposing credential material in terminal output, logs, recordings, or CI artifacts increases the risk of credential leakage and is not strictly necessary for local file-management testing.

Missing User Warnings

Medium
Confidence: 87%
Finding
The README shows data-modifying upload behavior and states that sensitive OAuth/API credentials are stored locally, but it does not place a clear warning near the usage examples about local secret persistence, permission scope, or overwrite/side-effect risks. In an agent context, this can lead users to enable a skill that writes files and stores long-lived tokens without fully understanding the security implications.

Missing User Warnings

Medium
Confidence: 91%
Finding
The quickstart instructs users to pass API keys, client secrets, access tokens, and refresh tokens directly on the command line without warning that these values can be exposed via shell history, process listings, terminal logging, or shared screenshots. In a real deployment, this can lead to credential compromise and unauthorized access to the user's Baidu Netdisk account.

Vague Triggers

Medium
Confidence: 77%
Finding
The trigger phrases "list files" and "search files" are overly generic and can cause unintended invocation during unrelated user requests. In an agent setting, broad activation increases the chance the skill accesses cloud storage context when the user intended a different local or non-Baidu file operation.

VirusTotal

65/65 vendors flagged this skill as clean.