Baidu Disk Helper
v1.0.0
A tool to manage Baidu Wangpan (Baidu Netdisk) files using the official Baidu Open API. Supports checking quota, listing files, searching, generating downloa...
⭐ 0· 245·0 current·0 all-time
by Zhang Yi (@zhangyi-3)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description, the included Python script, and the runtime instructions all consistently implement a Baidu Wangpan client using the official Baidu endpoints. The skill does not request unrelated cloud credentials or system-wide access. One minor inconsistency: SKILL.md uses the path ~/.openclaw/workspace/skills/baidu-wangpan/... while the registry slug is 'baidu-disk-helper' and the skill files are under scripts/. That path/name mismatch may cause the example exec commands to fail unless the agent installs the skill under the expected directory.
Instruction Scope
Instructions direct the agent to run the bundled Python script and to accept the user's AppKey/SecretKey and authorization code via chat. The script only interacts with Baidu endpoints and reads/writes a local config file (~/.openclaw/workspace/bwp_config.json). Be aware that asking users to paste secrets into the agent/chat means those secrets will be visible to the agent runtime and may be stored in that config file; the SKILL.md states keys are only used locally, and the code only sends tokens to Baidu endpoints, but the agent platform's chat logs or telemetry (outside the skill) could capture them if the user pastes them into chat.
Install Mechanism
There is no install spec (instruction-only plus a bundled script). That keeps disk/write operations limited to the bundled script and the config file the script creates. No external downloads or third-party installers are performed by the skill itself.
Credentials
The skill requests no environment variables or system credentials; it requires the user to supply an AppKey and SecretKey (BYOK) which is appropriate for a developer-key-based API. The only persistent artifact is a local JSON config file with tokens. This is proportionate, but users should understand that secrets are stored on disk in that file and provided via agent/chat input.
Persistence & Privilege
always is false and the skill does not request elevated or global agent privileges. It writes its own config file under ~/.openclaw/workspace/bwp_config.json (expected for a client that caches tokens) and does not modify other skills or system-wide settings.
Assessment
This skill is internally coherent for managing Baidu Netdisk: it uses Baidu's OAuth endpoints and API and stores tokens locally. Before installing:
1) Confirm you're comfortable pasting your AppKey/SecretKey and the OAuth code into the agent chat — those values will be stored in ~/.openclaw/workspace/bwp_config.json. If you prefer, run the provided Python script yourself outside the agent so keys never go into chat.
2) Note the path example in SKILL.md (~/.../skills/baidu-wangpan/...) may not match the installed skill directory (slug: baidu-disk-helper); you may need to adjust the command paths to the actual skill location.
3) Inspect the config file and delete it if you revoke keys or uninstall the skill.
4) If you want higher assurance, run the script locally (open the script and execute it manually) rather than giving keys to the agent; provide the remaining/complete script (the manifest had a truncated portion) if you'd like me to re-check for any hidden behavior.
Like a lobster shell, security has layers — review code before you run it.
latestvk970te1gsbexdb56zar0qc8vr982ntfb
