百度网盘
v1.0.1百度网盘文件管理。支持上传、下载、转存、分享、搜索、移动、复制、重命名、创建文件夹。当用户提及"百度网盘""百度云""百度云盘""bdpan""网盘""云盘""baidu netdisk""baidu pan""baidu cloud"并涉及文件操作时触发。
⭐ 6· 12.2k·1 current·1 all-time
byenoyao@wscats
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (Baidu Netdisk file management) match the included files and runtime instructions. The scripts (install/login/update/uninstall) and bdpan CLI invocation are appropriate for implementing upload/download/transfer/share/search and related operations.
Instruction Scope
SKILL.md instructs the agent to run bdpan CLI and included scripts and to operate only inside /apps/bdpan/. It requires reading local paths for uploads/downloads (expected). It also enforces not reading/printing ~/.config/bdpan/config.json and mandates interactive login via the provided login.sh. Note: the trigger rules will cause the skill to run when the user mentions Baidu Netdisk plus an explicit operation intent — ensure you only mention such triggers when you intend the skill to act.
Install Mechanism
There is no platform install spec in registry metadata, but scripts download binaries and update packages from Baidu CDN (issuecdn.baidupcs.com / pan.baidu.com). The install/update scripts include allowlists for hosts, HTTPS enforcement, file-size limits, SHA256 checksum verification, temporary extraction directories, and path-traversal/zip-bomb checks — these are appropriate mitigations for a download/install flow.
Credentials
The skill declares no required environment variables or credentials. Scripts accept optional environment variables (BDPAN_BIN, BDPAN_INSTALL_DIR, BDPAN_CONFIG_DIR) for user configuration; SKILL.md explicitly forbids the agent from setting those variables. Authentication is handled interactively via an OOB authorization code (no agent-held secrets), which is proportionate to the described functionality.
Persistence & Privilege
always:false and normal autonomous invocation are used. The skill does not demand permanent global presence or to modify other skills. Updates and installs require explicit user confirmation by default. Agent autonomy is permitted (platform default) but the skill includes several safeguards (confirmation, no silent updates, no automatic login).
Assessment
This skill appears to do what it says: it uses a bdpan CLI plus helper scripts to manage Baidu Netdisk and enforces constraints (operate only under /apps/bdpan, do not expose ~/.config/bdpan/config.json, interactive login). Before installing or using: (1) review the install and update scripts yourself if you can — they download executables from Baidu CDN but perform SHA256 checks and size limits; (2) be prepared to complete an interactive OOB login (you must paste the 32‑hex auth code); (3) avoid posting your config or tokens in chat and verify the agent does not print ~/.config/bdpan/config.json; (4) if you do not want the agent to run commands autonomously when you mention netdisk, avoid wording that matches the trigger rules or adjust invocation policy; (5) if you need higher assurance, run install/update manually rather than allowing the agent to run scripts automatically.Like a lobster shell, security has layers — review code before you run it.
latestvk971b4v75bnz08j4zhrz39srnx849rkg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.