Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Quark Netdisk

v1.0.0

Automate Quark Drive (夸克网盘): QR-code login, list/search, upload, create share links (expiry/passcode), and save others' shared links into your drive. Use whe...


Install

Install with OpenClaw (prompt flow)

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for stnjjjjj/quark-netdisk.

Prompt (Install & Setup):
Install the skill "Quark Netdisk" (stnjjjjj/quark-netdisk) from ClawHub.
Skill page: https://clawhub.ai/stnjjjjj/quark-netdisk
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command line

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI (bare skill slug):

openclaw skills install quark-netdisk

ClawHub CLI (npx):

npx clawhub@latest install quark-netdisk
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description align with the bundled code: QR login, list/search, upload, create shares, and save shared links. The scripts implement the advertised commands and enforce remote/local allowlists. No unrelated cloud credentials or unexpected binaries are requested.
Instruction Scope
SKILL.md spells out allowlists, sensitive files, and QR orchestration. The code enforces the allowlists and writes/reads session artifacts under references/. However, the runtime reads an environment override QUARK_COOKIE (not declared in requirements) and persists cookies/session/login_token/qr PNG to disk (documented as sensitive in the SKILL.md). The orchestration assumes the host agent will relay the QR to channels: the skill prints the chat id and QR path but does not embed external bot tokens (as claimed).
Install Mechanism
No install spec is provided (instruction/code-only). Dependencies are listed in requirements.txt (standard PyPI packages). There are no downloads from remote URLs or extracted archives in the install metadata.
Credentials
The skill declares no required env vars, but the code will honor QUARK_COOKIE if present (undocumented in SKILL.md). More importantly, HTTP clients are constructed with trust_env=False (explicitly ignoring system proxy env vars like HTTP_PROXY/HTTPS_PROXY), which can cause direct network connections that bypass host proxy monitoring/auditing — a potential operational/security concern. The skill also generates and persists cookie/session files (session_api.json, cookies.json, login_token.json) and a qr_code.png; these contain auth tokens and should be protected/rotated if exposed.
Persistence & Privilege
The skill persists session artifacts under its own references/ directory (cookies.json, session_api.json, login_token.json, qr_code.png). It sets always:false and does not modify other skills or system settings. Persisting credentials is necessary for functionality, but because these are sensitive tokens the persistence increases risk if the skill's files or host are shared or compromised.
Scan Findings in Context
[httpx-network-calls] expected: Network requests to Quark endpoints are the core functionality (QR login, API calls).
[cookie-persistence] expected: The skill must persist cookies/session to act as a client; SKILL.md also documents these files as sensitive.
[subprocess-open-qr] expected: The code tries to open qr_code.png locally via xdg-open for convenience; this is expected for local terminal use.
[read-QUARK_COOKIE-env] unexpected: The code reads QUARK_COOKIE as an override for cookies; SKILL.md does not declare this env var. It's useful for debugging but is an undeclared means to inject credentials.
[trust_env_false] unexpected: Clients set trust_env=False to ignore system proxy variables; functionally reasonable to avoid mis-parsed proxies, but it also bypasses host proxies/monitoring and should be considered a security/operational concern.
What to consider before installing
  • Function: The skill appears to do what it says (QR login, browse/upload/share, save others’ shares) and enforces configured allowlists. Set remoteAllowlist/localAllowlist in references/config.json before use.
  • Sensitive files: The skill will create and persist session_api.json, cookies.json, login_token.json and qr_code.png under the skill's references/ folder. These files contain authentication cookies/tokens; keep them private, restrict filesystem permissions, and rotate credentials if they are ever exposed.
  • Proxy/monitoring: The code disables using environment proxy variables (trust_env=False). That causes direct HTTPS connections to Quark endpoints and can bypass host proxies, auditing, or egress filters. If your environment requires traffic to go via a proxy for inspection, do not run this skill without modifying the code to honor proxies.
  • Undeclared env var: QUARK_COOKIE can override cookies if set in the environment. Treat any environment-based overrides as credential-bearing and avoid setting them in shared CI or multi-tenant hosts.
  • Run scope: Prefer running this skill in a controlled environment (personal machine, isolated container) and inspect the references/ folder after login. Confirm destructive operations require explicit confirmation and the allowlists are correct before issuing any delete/move commands.
  • If you need high assurance: review the code in scripts/* yourself (or ask an auditor), consider changing trust_env to True or otherwise enforcing host proxy policies, and ensure proper permissions on the skill directory. If anything is unclear, treat the skill as untrusted until further review.


Latest version: v1.0.0 (1 version). 221 downloads, 0 stars. Updated 1 month ago. License: MIT-0.

Quark Drive automation (夸克网盘)

Hard constraints (must follow)

  • Remote allowlist: Only operate under remote path prefix(es) configured in references/config.json (or fallback references/config.example.json). Default allowlist should be /OpenClaw/**.
  • Local allowlist: Only read/upload from local path prefix(es) configured. Do not read arbitrary local paths.
  • Destructive operations need confirmation by default: delete / move / rename / copy / purge.
  • If Quark triggers captcha / risk control, stop and ask the user to take over in a real browser.

Privacy & safety (publishable skill defaults)

  • Treat these files as sensitive (never commit, never paste their contents):
    • references/session_api.json, references/cookies.json, references/login_token.json, references/qr_code.png
    • (If enabled) references/index.json (may contain private filenames/paths)
  • Do not print cookies, auth headers, or full raw responses unless user explicitly requests debug.
  • When sharing the skill, keep examples generic (no usernames, absolute paths, chat_id, or personal tokens).

Runtime / dependencies

  • Runtime: system Python (this repo does not bundle a venv).
  • Dependencies are expected to be installed by the host (often via OS packages). requirements.txt exists for portability/reference.

Config

  • Preferred: references/config.json
  • Fallback: references/config.example.json

Key fields (example names; see config.example.json):

  • remoteAllowlist: e.g. ["/OpenClaw/**"]
  • localAllowlist: e.g. ["/path/to/Uploads"]
  • loginTimeoutSeconds
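As an added example (not code from the skill's own scripts/), the following Python shows how the hard constraints above can be enforced: load the config with the documented config.json / config.example.json fallback, then admit a remote or local path only after normalizing it, so that `..` segments or symlinks cannot escape the configured prefix. File and key names come from this page; the sample values and helper names are constructed assumptions.

```python
import fnmatch
import json
import os
import posixpath
from pathlib import Path

# Constructed sample config using the key names SKILL.md documents;
# the values are illustrative, not the skill's real config.example.json.
SAMPLE_CONFIG = {
    "remoteAllowlist": ["/OpenClaw/**"],
    "localAllowlist": ["/home/user/Uploads/**"],
}


def load_config(ref_dir="references"):
    """Prefer references/config.json, fall back to config.example.json."""
    for name in ("config.json", "config.example.json"):
        p = Path(ref_dir) / name
        if p.is_file():
            return json.loads(p.read_text(encoding="utf-8"))
    return SAMPLE_CONFIG  # assumption: use the sample when neither file exists


def _matches(norm_path, patterns):
    """A '/X/**' pattern admits X itself and everything below it; fnmatch's
    '*' crosses '/', so '**' acts as a recursive wildcard here."""
    for pat in patterns:
        if pat.endswith("/**") and norm_path == pat[:-3]:
            return True
        if fnmatch.fnmatchcase(norm_path, pat):
            return True
    return False


def in_remote_allowlist(remote_path, patterns):
    """Normalize '.', '..' and repeated slashes first, so that
    '/OpenClaw/../Private' cannot pass as an /OpenClaw path."""
    if not remote_path.startswith("/"):
        remote_path = "/" + remote_path
    return _matches(posixpath.normpath(remote_path), patterns)


def in_local_allowlist(local_path, patterns):
    """Resolve symlinks and '..' before checking, so a link inside the
    upload folder that points elsewhere is judged by its real target."""
    return _matches(os.path.realpath(local_path), patterns)
```

Run the remote check on every search candidate before offering it to the user, and the local check on every upload argument before opening the file.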

Login workflow (QR)

Terminal (local)

  1. Run login-prepare to generate QR
  2. User scans in Quark App
  3. Run login-wait to persist session

Any OpenClaw channel (Telegram / WhatsApp / 飞书 (Feishu) ...)

Use orchestration pattern:

  1. Run: channel-run <op> ...
  2. If exit code == 10 and JSON contains need_login: true:
    • Send qr_png back to the current chat/channel
    • Immediately start login-wait (poll every ~5s)
    • When login succeeds, automatically reply in the same chat/channel (e.g. “登录成功”, “Login succeeded”) and then re-run the original channel-run <op> ...

Machine-readable interaction exit codes (for orchestration):

  • 10: need_login=true
  • 11: need_pick=true (multiple candidates; re-run with --pick)
  • 12: need_confirm=true (destructive ops; re-run with --confirm)

Commands (scripts/quark_drive.py)

Invoke as:

  • python3 scripts/quark_drive.py <cmd> [args...]

Auth

  • login
  • login-prepare [--no-open]
  • login-wait
  • auth-status
  • channel-run <op> [args...] (preferred)
  • telegram-run <op> [args...] (alias)

Browse

  • mkdir <remote_path>
  • ls <remote_path> [--json]
  • search <keyword> [--allow-outside-openclaw] (privacy default: scoped to /OpenClaw/**)

Upload

  • upload <local_file>

Share (create link)

Conversation contract (important)

When the user asks to “generate a share link / create a share / share a file or folder” (生成分享链接/创建分享/分享某个文件(夹)):

  1. Search candidates first (do not ask user to provide full remote path).
    • Default: use server search.
    • If server search is insufficient and the user wants stronger fuzzy search, use a client-side fuzzy index and rank results by fuzzy score.
      • Privacy default: build the index in-memory (ephemeral) and do not write it to disk.
    • Only keep candidates whose resolved path is inside remote allowlist.
  2. If multiple candidates: list them with index + path + type/size, ask user to pick.
  3. Before creating the share, ask:
    • Expiry: 1 / 7 / 30 days / permanent (永久)
    • Passcode: yes (有) / no (无)
      • If yes: ask for the code; if the user does not provide one, generate one (4–6 alphanumeric characters).
  4. If user does not answer: default to no passcode + permanent.

CLI

  • share-create <remote_path> [--days 1|7|30|0] [--passcode XXXX] [--title ...]
  • share-create-auto <keyword> [--pick N] [--days 1|7|30|0] [--passcode XXXX] [--local] [--allow-outside-openclaw]
    • If multiple candidates and --pick is omitted, returns JSON with need_pick=true and a candidate list.

Local index helpers:

  • index-build --root <remote_path> --max-items <n> [--write] (may issue many API calls; without --write it does not persist)
  • search-local <keyword> [--top N] (builds ephemeral index; does not persist)

Share (save others' shares into my drive / 转存)

  • share-save <share_text_or_url> [--passcode XXXX] [--to /OpenClaw/FromShares] [--no-wait]

Notes:

  • Quark typically forbids saving your own share (will error). Use an external share to test.

Destructive

  • rename <src_path> <new_name>
  • mv <src_path> <dst_dir>
  • rm <src_path> --confirm (soft-delete into /OpenClaw/.trash)
  • purge-trash --days <n> --confirm

Troubleshooting

  • auth-status fails (401/403): session expired → run login flow again.
  • share-save fails with “用户禁止转存自己的分享”: you tried saving your own link → test with someone else’s share.
  • If endpoints change and commands start returning 404/410 (or similar) errors: capture a browser network request (copy as cURL) and update the adapter.
