Baidu Pan OAuth2 Auth

v1.0.0

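Baidu Pan OAuth 2.0 authorization-code flow: obtain and refresh the access_token. Trigger phrases: Baidu Pan authorization, baidu pan auth, access_token expired, refresh_token refresh, Baidu Pan token. Use cases: (1) first-time authorization to obtain a token, (2) refreshing a token after it expires, (3) scheduled refresh to keep the token alive.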

by superStupidBear @ugpoor

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ugpoor/baidu-pan-per-auth-skill.

Install the skill "Baidu Pan OAuth2 Auth" (ugpoor/baidu-pan-per-auth-skill) from ClawHub.
Skill page: https://clawhub.ai/ugpoor/baidu-pan-per-auth-skill
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install baidu-pan-per-auth-skill

ClawHub CLI


npx clawhub@latest install baidu-pan-per-auth-skill
Security Scan
Capability signals
Requires OAuth token
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description, SKILL.md, and the included script all implement the Baidu OAuth2 authorization-code and refresh flows. The only secrets used are AppKey/SecretKey (placed in a user-provided .env) and the tokens returned by Baidu — all expected for this purpose.
Instruction Scope
Runtime instructions are limited to opening the Baidu authorize URL in a browser, calling the included script with a .env path, and optionally verifying via pan.baidu.com. The script only reads/writes the provided .env and issues HTTPS requests to openapi.baidu.com; it does not access other system files, unrelated environment variables, or external endpoints.
Install Mechanism
No install spec; the skill is a small, local Python script using only standard library modules (urllib, json, datetime). No downloads, package installs, or archive extraction are performed.
Credentials
Metadata lists no required environment variables (correct for this bundle), but the workflow requires a local .env file containing AppKey and SecretKey which the script reads and then writes AccessToken/RefreshToken back to. Storing tokens and client secrets in plaintext .env files is expected here but worth protecting; the skill does not request unrelated credentials.
Persistence & Privilege
always is false and the skill does not modify other skills or global agent config. The SKILL.md suggests an optional cron job to run the script periodically — scheduling that job is a user action and not performed automatically by the skill.
Assessment
This skill appears to do only what it claims: exchange and refresh Baidu Pan OAuth tokens. Before installing: (1) keep the .env file private (store it outside version control, set restrictive file permissions, e.g., chmod 600), (2) when invoking, point the script at a local .env you control — do not point it to system-wide config files, (3) review and run the included script locally (it uses HTTPS to openapi.baidu.com and writes tokens to the .env), (4) if you create a scheduled cron via OpenClaw, run it in an isolated session and ensure the job uses the correct env path, and (5) rotate credentials if the .env is ever exposed. Overall the skill is internally consistent and low-risk if you follow standard secret-handling practices.

Like a lobster shell, security has layers — review code before you run it.

latest vk973v18gpqv2ttbxqn570cgq4n85c0zd
69 downloads
0 stars
1 version
Updated 4d ago
v1.0.0
MIT-0

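Baidu Pan Personal App Authorization

Prerequisites

You already have a Baidu Pan Open Platform application (https://pan.baidu.com/union/doc/al0rwqzzl) and a .env file containing AppKey and SecretKey.

Create the .env file using assets/example.env as a reference and fill in your actual credentials.

Authorization flow

First-time authorization (3 steps)

Step 1 — Open the authorization page in a browser: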

https://openapi.baidu.com/oauth/2.0/authorize?response_type=code&client_id={AppKey}&redirect_uri=oob&scope=basic,netdisk&device_id={AppID}

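The user logs in → clicks Authorize → the page displays the authorization code (valid for 10 minutes, single use).

Step 2 — Exchange the code for tokens: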

python3 scripts/auth.py code <code> </path/to/.env>

On success, .env is automatically updated with AccessToken/RefreshToken/ExpiresIn/Scope/AuthDate.

Step 3 — Verify:

curl -s 'https://pan.baidu.com/rest/2.0/xpan/nas?method=uinfo&access_token={AccessToken}' -H 'User-Agent: pan.baidu.com'

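A response with errno=0 means the token is valid.

Refreshing the token (after expiry)

The access_token is valid for 30 days. After it expires, refresh it with the refresh_token: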

python3 scripts/auth.py refresh </path/to/.env>

After a refresh, all token fields in .env are updated automatically (including the new refresh_token). The old refresh_token is invalidated immediately.
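
Because the old refresh_token stops working as soon as a refresh succeeds, a failed or partial write of the new tokens forces a full re-authorization. The following added example (not the skill's scripts/auth.py) persists rotated tokens atomically with owner-only permissions and checks when a refresh is due; it assumes a KEY=VALUE .env layout, an ISO 8601 AuthDate, and the standard OAuth 2.0 token response fields, and all function names are hypothetical.

```python
import os, tempfile
from datetime import datetime, timedelta, timezone

def read_env(path):
    """Parse KEY=VALUE lines (assumed layout). Comments are skipped, so a rewrite drops them."""
    values = {}
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, _, val = line.partition("=")
                values[key.strip()] = val.strip()
    return values

def write_env_atomic(path, values):
    """Write a 0600 temp file in the same directory, fsync it, then rename it over the target."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".env.")  # mkstemp creates the file 0600
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            for key, val in values.items():
                fh.write(f"{key}={val}\n")
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, path)  # atomic on POSIX: readers see the old or new file, never a partial one
    except BaseException:
        os.unlink(tmp)  # only reached before the rename, so the temp file still exists
        raise

def store_rotated_tokens(path, token_response, now=None):
    """Persist a token response; an error reply must never overwrite working tokens."""
    for field in ("access_token", "refresh_token", "expires_in"):
        if not token_response.get(field):
            raise ValueError(f"token response missing {field}; .env left unchanged")
    now = now or datetime.now(timezone.utc)
    env = read_env(path)  # keeps AppKey/SecretKey and any other existing keys
    env.update({
        "AccessToken": token_response["access_token"],
        "RefreshToken": token_response["refresh_token"],
        "ExpiresIn": str(token_response["expires_in"]),
        "Scope": token_response.get("scope", env.get("Scope", "")),
        "AuthDate": now.isoformat(),  # assumed format: ISO 8601 with UTC offset
    })
    write_env_atomic(path, env)

def refresh_due(env, now=None, margin_days=5):
    """True once fewer than margin_days remain before AuthDate + ExpiresIn."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromisoformat(env["AuthDate"]) + timedelta(seconds=int(env["ExpiresIn"]))
    return now >= expires - timedelta(days=margin_days)
```

With a 30-day ExpiresIn and the default 5-day margin, refresh_due becomes true on day 25, matching the schedule recommended on this page.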

Scheduled refresh (recommended)

Refresh automatically every 25 days so the token does not expire. Set this up as a cron scheduled job:

cron add → schedule: {"kind":"every","everyMs":2160000000} (25 days)
         → payload.message: "执行百度网盘token刷新:运行 python3 <skill_path>/scripts/auth.py refresh </path/to/.env>,报告结果"
         → sessionTarget: isolated

Or use the CLI:

openclaw cron add --name "百度网盘token刷新" --every 25d --session isolated \
  --message "执行百度网盘token刷新:运行 python3 <skill_path>/scripts/auth.py refresh </path/to/.env>,报告结果"

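Key parameters

Parameter               Value           Notes
redirect_uri            oob             Must match the Open Platform configuration
code validity           10 minutes      Single use
access_token validity   30 days         The old token is invalidated after a refresh
refresh_token validity  10 years        Single use; a refresh returns a new refresh_token
scope                   basic,netdisk   Fixed value

Troubleshooting

  • error: invalid_grant → the code has expired or was already used; authorize again
  • error: invalid_refresh_token → the refresh_token was already used or has expired; authorize again (Step 1)
  • Network timeout → connect directly from within mainland China; no proxy is needed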
