Baidu Cloud BOS

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: baidu-cloud-bos
Version: 1.1.2

The skill bundle provides a legitimate integration for Baidu Cloud Object Storage (BOS). It includes a setup script (setup.sh) that correctly handles environment preparation, dependency installation, and credential persistence with security best practices such as input validation via regex and restricted file permissions (chmod 600). The Node.js implementation (bos_node.mjs) uses the official Baidu Cloud SDK to perform standard storage operations like uploading, downloading, and generating signed URLs. No evidence of malicious intent, data exfiltration to unauthorized endpoints, or prompt injection was found; the code is well-structured and aligns perfectly with its stated purpose.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone or any agent process that can use these saved credentials may be able to access or modify the configured BOS resources.

Why it was flagged

The skill asks for Baidu Cloud credentials and stores them locally for future sessions. This is expected for a BOS integration, but those credentials can grant significant cloud-storage authority.

Skill content

I need your Baidu AI Cloud credentials to connect to the BOS storage service. Please provide: 1. AccessKeyId ... 2. SecretAccessKey ... The script will automatically ... persist the credentials to ~/.config/openclaw/baidu-cloud-bos/credentials.json (permissions 600)
Recommendation

Use a dedicated least-privilege Baidu Cloud key limited to the needed bucket/actions, rotate it if exposed, and remove the saved credentials when no longer needed.

What this means

A mistaken delete or sync command could remove files from BOS or from the local filesystem.

Why it was flagged

The documented bcecmd workflows include recursive deletion and sync deletion. These are normal object-storage management functions, but they can remove data if invoked with the wrong path or direction.

Skill content

`bcecmd bos rm bos:/<bucket>/<bosdir>/ --recursive --yes` ... `bcecmd bos sync <localdir> bos:/<bucket>/<dir>/ [--delete]`
Recommendation

Require explicit user confirmation before delete, recursive delete, bucket removal, or sync with `--delete`; prefer dry-run/listing checks before destructive operations.

What this means

The behavior of the installed SDK could change over time depending on what npm resolves during setup.

Why it was flagged

The skill relies on an external npm package with a semver range rather than an exact pinned version. This is common for SDK integrations, but it means future installs may fetch newer dependency code.

Skill content

`"dependencies": { "@baiducloud/sdk": "^1.0.7" }`
Recommendation

Prefer a pinned dependency and lockfile for reproducible installs, or review the resolved package version before use.