ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

baidupcs-go - 百度网盘命令行工具

v1.0.0

命令行工具,支持百度网盘文件上传、下载、转存、分享及离线下载等多种操作,兼容多平台。

1· 203·0 current·0 all-time
by@linauror

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for linauror/baidupcs-go.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "baidupcs-go - 百度网盘命令行工具" (linauror/baidupcs-go) from ClawHub.
Skill page: https://clawhub.ai/linauror/baidupcs-go
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install baidupcs-go

ClawHub CLI

Package manager switcher

npx clawhub@latest install baidupcs-go
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description and SKILL.md consistently describe a CLI helper for BaiduPCS-Go and the declared commands match that purpose. However, metadata (package.json) implies a Node package with a main index.js that is not present in the bundle, and the skill offers no official source or homepage — this mismatch is unexplained.
Instruction Scope
SKILL.md stays within the stated purpose: it documents usage of the BaiduPCS-Go program, login methods (interactive, BDUSS/STOKEN, cookies), config paths, and command semantics. It does not instruct the agent to read unrelated system files or to exfiltrate data. Caveat: it instructs users to supply sensitive credentials (cookies/BDUSS/STOKEN) and recommends downloading prebuilt binaries from a third‑party file host (Lanzou), which may be risky.
!
Install Mechanism
There is no install spec (instruction-only), which is low risk in itself, but the included documentation points users to a third‑party download host (lanzoui.com) for prebuilt binaries. That host is not a well-known official release channel and increases risk if users follow those instructions. Also, no official project homepage or canonical release link is provided to verify integrity.
Credentials
The skill metadata does not request environment variables or credentials. The runtime instructions, however, require users to provide sensitive authentication artifacts (Cookies, BDUSS, STOKEN) to log into Baidu — which is expected for this tool but is sensitive. The bundle also references an optional BAIDUPCS_GO_CONFIG_DIR env var. No unrelated credentials or excessive environment access are requested.
Persistence & Privilege
Flags show no always:true and no install actions; the skill is user-invocable and not force-included. There is no indication the skill requests persistent system privileges or modifies other skills' configs.
Scan Findings in Context
[no_regex_findings] expected: The static regex scanner found nothing — expected because this is an instruction-only skill with no executable code files for the scanner to analyze.
What to consider before installing
This skill appears to be documentation/wrappers for using the BaiduPCS-Go CLI and is internally coherent for that purpose, but exercise caution before using it. Key points to consider: - There is no official source or homepage listed; the README recommends downloading prebuilt binaries from a third‑party file host (lanzoui.com). Prefer obtaining BaiduPCS-Go from an authoritative source (official GitHub releases or trusted mirrors) and verify checksums before running binaries. - The package.json claims a Node entry point (index.js) that is not included in the bundle — this is a transparency gap. If you expect the skill to include code for automation, ask the publisher for the missing files or source links. - The tool requires sensitive authentication artifacts (Cookies, BDUSS, STOKEN). Never paste those values into services or tools you don't fully trust; treat them like passwords. If you must provide them, do so only to the official BaiduPCS-Go binary you obtained from a trusted source, and avoid sharing them with third-party hosts. - Because the skill is instruction-only, it will not automatically install anything. If you want to automate usage, obtain and inspect the actual BaiduPCS-Go binary or source first. If you plan to install/use this skill, request a trustworthy upstream/source URL and checksums from the publisher, and avoid following the provided third‑party binary download link unless you can verify its integrity.

Like a lobster shell, security has layers — review code before you run it.

latestvk977sshh0esc4320zngfc3sxrh8348s0
203downloads
1stars
1versions
Updated 22h ago
v1.0.0
MIT-0
@linauror
latest
Download

BaiduPCS-Go Skill

百度网盘命令行客户端工具技能。提供文件上传、下载、转存、分享等操作的命令行封装。

技能描述

BaiduPCS-Go 是一个仿 Linux shell 风格的百度网盘命令行客户端,支持多平台(Windows、Linux、macOS),提供丰富的网盘操作命令。

核心功能

  • 账号管理: 登录、切换、退出百度账号
  • 文件操作: 上传、下载、删除、移动、重命名、拷贝
  • 分享功能: 创建分享、转存他人分享、取消分享
  • 离线下载: 支持 HTTP/HTTPS/FTP/磁力链等协议
  • 回收站: 查看、还原、删除回收站文件
  • 配置管理: 查看和修改程序配置项

使用场景

当用户需要:

  1. 通过命令行操作百度网盘文件
  2. 批量上传或下载网盘文件
  3. 转存他人分享的网盘链接
  4. 管理网盘分享链接
  5. 使用离线下载功能
  6. 查看网盘配额和文件信息

前置要求

  1. 已安装 BaiduPCS-Go 程序
  2. 已登录百度账号
  3. 了解基础命令行操作

命令说明

详细命令列表和使用方法参见 BaiduPCS-Go.md

注意事项

  • 普通用户请将 max_parallelmax_download_load 设置为 1,避免触发限速
  • SVIP 用户建议 max_parallel 设置为 10-20,max_download_load 设置为 1-2
  • 下载文件默认保存到程序所在目录的 download/ 目录
  • 上传文件默认采用分片上传,支持秒传
  • 谨慎修改 appiduser_agent 等配置项

配置文件路径

  • Windows: %APPDATA%\BaiduPCS-Go
  • Linux/macOS: $HOME/.config/BaiduPCS-Go
  • 可通过环境变量 BAIDUPCS_GO_CONFIG_DIR 指定

Comments

Loading comments...