Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Quark Netdisk

v1.0.0

Automate Quark Drive (夸克网盘): QR-code login, list/search, upload, create share links (expiry/passcode), and save others' shared links into your drive. Use whe...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description align with the bundled code: QR login, list/search, upload, create shares, and save shared links. The scripts implement the advertised commands and enforce remote/local allowlists. No unrelated cloud credentials or unexpected binaries are requested.
Instruction Scope
SKILL.md spells out allowlists, sensitive files, and QR orchestration. The code enforces the allowlists and writes/reads session artifacts under references/. However, the runtime reads an environment override, QUARK_COOKIE (not declared in requirements), and persists cookies/session/login_token/qr PNG to disk (documented as sensitive in SKILL.md). The orchestration assumes the host agent will relay the QR to channels — the skill prints the chat id and QR path but does not embed external bot tokens (as claimed).
Install Mechanism
No install spec is provided (instruction/code-only). Dependencies are listed in requirements.txt (standard PyPI packages). There are no downloads from remote URLs or extracted archives in the install metadata.
Credentials
The skill declares no required env vars, but the code will honor QUARK_COOKIE if present (undocumented in SKILL.md). More importantly, HTTP clients are constructed with trust_env=False (explicitly ignoring system proxy env vars like HTTP_PROXY/HTTPS_PROXY), which can cause direct network connections that bypass host proxy monitoring/auditing — a potential operational/security concern. The skill also generates and persists cookie/session files (session_api.json, cookies.json, login_token.json) and a qr_code.png; these contain auth tokens and should be protected/rotated if exposed.
Persistence & Privilege
The skill persists session artifacts under its own references/ directory (cookies.json, session_api.json, login_token.json, qr_code.png). It sets always:false and does not modify other skills or system settings. Persisting credentials is necessary for functionality, but because these are sensitive tokens, the persistence increases risk if the skill's files or host are shared or compromised.
Scan Findings in Context
[httpx-network-calls] expected: Network requests to Quark endpoints are the core functionality (QR login, API calls).
[cookie-persistence] expected: The skill must persist cookies/session to act as a client; SKILL.md also documents these files as sensitive.
[subprocess-open-qr] expected: The code tries to open qr_code.png locally via xdg-open for convenience; this is expected for local terminal use.
[read-QUARK_COOKIE-env] unexpected: The code reads QUARK_COOKIE as an override for cookies; SKILL.md does not declare this env var. It's useful for debugging but is an undeclared means to inject credentials.
[trust_env_false] unexpected: Clients set trust_env=False to ignore system proxy variables; functionally reasonable to avoid mis-parsed proxies, but it also bypasses host proxies/monitoring and should be considered a security/operational concern.
What to consider before installing
- Function: The skill appears to do what it says (QR login, browse/upload/share, save others’ shares) and enforces configured allowlists — set remoteAllowlist/localAllowlist in references/config.json before use.
- Sensitive files: The skill will create and persist session_api.json, cookies.json, login_token.json and qr_code.png under the skill's references/ folder. These files contain authentication cookies/tokens; keep them private, restrict filesystem permissions, and rotate credentials if they are ever exposed.
- Proxy/monitoring: The code disables using environment proxy variables (trust_env=False). That causes direct HTTPS connections to Quark endpoints and can bypass host proxies, auditing, or egress filters — if your environment requires traffic to go via a proxy for inspection, do not run this skill without modifying the code to honor proxies.
- Undeclared env var: QUARK_COOKIE can override cookies if set in the environment. Treat any environment-based overrides as credential-bearing and avoid setting them in shared CI or multi-tenant hosts.
- Run scope: Prefer running this skill in a controlled environment (personal machine, isolated container) and inspect the references/ folder after login. Confirm destructive operations require explicit confirmation and the allowlists are correct before issuing any delete/move commands.
- If you need high assurance: review the code in scripts/* yourself (or ask an auditor), consider changing trust_env to True or otherwise enforcing host proxy policies, and ensure proper permissions on the skill directory. If anything is unclear, treat the skill as untrusted until further review.

Like a lobster shell, security has layers — review code before you run it.

latest: vk970czn9jdapczkbk6jnamwjwd83cb9n

