Skill Trust Decision

youdaonote

The skill wraps the legitimate Youdao Cloud Notes CLI but documents a curl|bash installation pattern without adequate warning. The risk is moderate rather than high because installation is restricted to the official source and is run by the user, not by the agent.

Install decision first
Source: Manual upload
Scanned: Apr 3, 2026
Files 1
Artifacts 5
Violations 0
Findings 3
Most direct threat evidence
Critical Dangerous Command
curl -fsSL https://artifact.lx.netease.com/download/youdaonote-cli/install.sh | bash

Why this conclusion was reached

1/4 dimensions flagged
Pass
Declared vs actual capability

Declared resources and inferred behavior are broadly aligned.

Block
Hidden execution and egress

1 high-risk artifact or egress signal was extracted.

Pass
Attack chain and severe findings

There is no explicit malicious chain in the report.

Review
Dependencies and supply chain hygiene

Dependency information is incomplete, so supply-chain confidence stays limited.

What drove the risk score up

Dangerous curl|bash pattern +25

Line 134 documents remote script execution by piping curl output straight into bash, with no danger warning next to the command.

Missing allowed-tools declaration +10

The SKILL.md frontmatter lacks allowed-tools; the skill uses Bash, which implies a shell:WRITE capability that is not formally declared.

Insufficient danger disclosure +7

The skill does say '建议用户在执行前确认命令来源可信' (translated: "users are advised to confirm that the command comes from a trusted source before executing it"), but the warning appears late and carries far less emphasis than the prominently placed install command.

Most important evidence

Medium

Dangerous curl|bash installation pattern documented

Line 134 presents `curl -fsSL https://artifact.lx.netease.com/download/youdaonote-cli/install.sh | bash` as the official installation method. The command is restricted to the official source and is run by the user rather than by the agent, but the curl|bash anti-pattern is inherently dangerous: the script is never reviewed, its integrity is not checked against any published digest, the only protection is the TLS connection to that host, and bash starts executing lines before the download finishes, so a truncated transfer can run a partial script.

SKILL.md:134
Replace with safer pattern: 1) Download to file, 2) User reviews content, 3) User executes with confirmation. Or add prominent warning: '⚠️ SECURITY WARNING: This command downloads and executes a script from the internet. Only proceed if you trust the source.'
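A concrete version of the safer pattern recommended above, written as an added example for this review rather than code from the youdaonote skill or its vendor. It downloads install.sh to a temporary file, checks it against a SHA-256 digest, flags any nested pipe-to-shell inside the script (a common way a trusted first-stage installer pulls in an unreviewed second stage), opens it for review, and only runs it after explicit confirmation. The digest placeholder and the YOUDAONOTE_INSTALL_SHA256 variable are assumptions: neither the page nor the skill gives a published checksum, so the value must be obtained from the vendor before this is used.

```shell
#!/bin/sh
# Added example: download -> verify -> review -> confirm -> execute,
# as a replacement for `curl ... | bash`. Not the skill's own code.
set -eu

INSTALL_URL="https://artifact.lx.netease.com/download/youdaonote-cli/install.sh"
# ASSUMPTION: the vendor publishes a SHA-256 for install.sh. The scan report
# gives none, so this placeholder must be replaced with the published digest.
EXPECTED_SHA256="${YOUDAONOTE_INSTALL_SHA256:-REPLACE_WITH_PUBLISHED_DIGEST}"

# sha256_of FILE -> prints the hex digest; works with GNU sha256sum or BSD shasum
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_script FILE EXPECTED -> exit 0 if the digest matches, 1 otherwise
verify_script() {
  actual=$(sha256_of "$1")
  [ "$actual" = "$2" ]
}

# flag_nested_pipe_to_shell FILE -> exit 0 if the file contains a line that pipes
# curl/wget output into sh, bash, zsh or dash (optionally via sudo).
# The trailing (space|end-of-line) keeps `| sha256sum` from matching.
flag_nested_pipe_to_shell() {
  grep -Eq '(curl|wget)[^|]*\|[[:space:]]*(sudo[[:space:]]+)?(ba|z|da)?sh([[:space:]]|$)' "$1"
}

fetch_and_install() {
  tmp=$(mktemp)
  trap 'rm -f "$tmp"' EXIT
  # -f: fail on HTTP errors; -sS: quiet but report errors; -L: follow redirects;
  # --proto '=https' and --tlsv1.2: refuse plain-http redirects and old TLS.
  curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$INSTALL_URL"
  if ! verify_script "$tmp" "$EXPECTED_SHA256"; then
    echo "install.sh digest mismatch; refusing to run it" >&2
    exit 1
  fi
  if flag_nested_pipe_to_shell "$tmp"; then
    echo "warning: install.sh contains its own pipe-to-shell; review that line" >&2
  fi
  ${PAGER:-less} "$tmp"               # the user reads the script before it runs
  printf 'Run the reviewed script now? [y/N] '
  read -r answer
  case "$answer" in
    y|Y) sh "$tmp" ;;
    *)   echo "aborted; nothing was executed" ;;
  esac
}

# Only touch the network when invoked explicitly: ./safe-install.sh install
if [ "${1:-}" = "install" ]; then
  fetch_and_install
fi
```

The digest check is what turns "trust the host" into "trust a specific script": if the vendor later replaces install.sh, or the host is compromised, the mismatch stops execution instead of silently running new code.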
Low

Missing allowed-tools declaration in frontmatter

The SKILL.md frontmatter lacks allowed-tools declaration. The skill implicitly requires Bash access (shell:WRITE) to execute youdaonote CLI commands, but this is not formally declared.

SKILL.md:1
Add to frontmatter: `allowed-tools: ["Bash"]` to formally declare the shell:WRITE capability requirement.
Low

Late and understated security guidance

The security guidance '建议用户在执行前确认命令来源可信' (translated: "users are advised to confirm that the command comes from a trusted source before executing it") appears only in the Windows section and is not displayed near the curl|bash command for macOS/Linux.

SKILL.md:128
Move warning to a prominent position before the installation commands, with stronger language and visual emphasis.

Declared capability vs actual capability

Shell Pass
Declared NONE
Inferred WRITE
SKILL.md:46-48, 134 - Uses Bash commands (youdaonote CLI invocations) implying shell:WRITE
Network Pass
Declared NONE
Inferred READ
SKILL.md:134,140-141 - Downloads from official artifact.lx.netease.com; API calls to mopen.163.com for Youdao service
Filesystem Pass
Declared NONE
Inferred READ
SKILL.md:46-48 - Uses --file flag for large content transfer (note.json, content.md)

Suspicious artifacts and egress

Critical Dangerous Command
curl -fsSL https://artifact.lx.netease.com/download/youdaonote-cli/install.sh | bash

SKILL.md:134

Medium External URL
https://mopen.163.com

SKILL.md:17

Medium External URL
https://artifact.lx.netease.com/download/youdaonote-cli/install.sh

SKILL.md:126

Medium External URL
https://artifact.lx.netease.com/download/youdaonote-cli/youdaonote-cli-windows-x64.tar.gz

SKILL.md:140

Medium External URL
https://artifact.lx.netease.com/download/youdaonote-cli/youdaonote-cli-windows-arm64.tar.gz

SKILL.md:141

Dependencies and supply chain

There are no structured dependency warnings.

File composition

1 file · 160 lines
Markdown 1 file · 160 lines
Files of concern · 1
SKILL.md Markdown · 160 lines
Findings: Dangerous curl|bash installation pattern documented · Missing allowed-tools declaration in frontmatter · Late and understated security guidance
Artifacts: curl -fsSL https://artifact.lx.netease.com/download/youdaonote-cli/install.sh | bash · https://mopen.163.com · https://artifact.lx.netease.com/download/youdaonote-cli/install.sh · https://artifact.lx.netease.com/download/youdaonote-cli/youdaonote-cli-windows-x64.tar.gz · https://artifact.lx.netease.com/download/youdaonote-cli/youdaonote-cli-windows-arm64.tar.gz

Security positives

The skill restricts installation to a single official source (artifact.lx.netease.com) and explicitly prohibits alternatives
The agent does not self-execute the installation; the user runs the documented commands manually
No credential harvesting or exfiltration - API key is stored locally via official CLI config
No base64 encoding, eval(), or other code obfuscation patterns
No access to sensitive paths (~/.ssh, ~/.aws, .env)
No reverse shell, C2 communication, or data theft indicators
All network access is to official NetEase servers for legitimate service functionality
Clear documentation of CLI capabilities and proper error handling for missing dependencies