youdaonote 安全扫描报告 — 可疑 | ClawSafe

42 /100

youdaonote

有道云笔记全能工具：笔记管理、待办管理、网页剪藏

Skill implements a legitimate Youdao Cloud Notes CLI wrapper but documents a dangerous curl|bash installation pattern without adequate warnings, presenting moderate risk despite official source restrictions.

技能名称youdaonote

分析耗时60.5s

引擎pi

⚠

谨慎使用

Replace curl|bash with safer alternatives (manual download + verify + execute) or explicitly warn users about the inherent risks of piping remote scripts to bash. Consider adding allowed-tools declaration to SKILL.md frontmatter.

安全发现 3 项

严重性	安全发现	位置
中危	Dangerous curl\|bash installation pattern documented Line 134 presents `curl -fsSL https://artifact.lx.netease.com/download/youdaonote-cli/install.sh \| bash` as the official installation method. While restricted to official source and user-executed (not agent self-execution), the curl\|bash anti-pattern is inherently dangerous as it bypasses script review. `curl -fsSL https://artifact.lx.netease.com/download/youdaonote-cli/install.sh \| bash -s -- -f -b ~/.local/bin` → Replace with safer pattern: 1) Download to file, 2) User reviews content, 3) User executes with confirmation. Or add prominent warning: '⚠️ SECURITY WARNING: This command downloads and executes a script from the internet. Only proceed if you trust the source.'	`SKILL.md:134`
低危	Missing allowed-tools declaration in frontmatter The SKILL.md frontmatter lacks allowed-tools declaration. The skill implicitly requires Bash access (shell:WRITE) to execute youdaonote CLI commands, but this is not formally declared. `--- name: youdaonote description: "..." official: true version: 1.0.3 minCliVersion: "1.2.0" ---` → Add to frontmatter: `allowedTools: ["Bash"]` to formally declare shell:WRITE capability requirement.	`SKILL.md:1`
低危	Late and understated security guidance Security guidance '建议用户在执行前确认命令来源可信' appears only in the Windows section and is not prominently displayed near the curl\|bash command for macOS/Linux. `建议用户在执行前确认命令来源可信；如对管道执行有顾虑，可先下载脚本后本地查看再执行` → Move warning to a prominent position before the installation commands, with stronger language and visual emphasis.	`SKILL.md:128`

资源类型	声明权限	推断权限	状态	证据
命令执行	`NONE`	`WRITE`	✓ 一致	SKILL.md:46-48, 134 - Uses Bash commands (youdaonote CLI invocations) implying s…
网络访问	`NONE`	`READ`	✓ 一致	SKILL.md:134,140-141 - Downloads from official artifact.lx.netease.com; API call…
文件系统	`NONE`	`READ`	✓ 一致	SKILL.md:46-48 - Uses --file flag for large content transfer (note.json, content…

1 严重 5 项发现

💀

严重危险命令危险 Shell 命令

curl -fsSL https://artifact.lx.netease.com/download/youdaonote-cli/install.sh | bash

SKILL.md:134

🔗

中危外部 URL 外部 URL

https://mopen.163.com**

SKILL.md:17

🔗

中危外部 URL 外部 URL

https://artifact.lx.netease.com/download/youdaonote-cli/install.sh

SKILL.md:126

🔗

中危外部 URL 外部 URL

https://artifact.lx.netease.com/download/youdaonote-cli/youdaonote-cli-windows-x64.tar.gz

SKILL.md:140

🔗

中危外部 URL 外部 URL

https://artifact.lx.netease.com/download/youdaonote-cli/youdaonote-cli-windows-arm64.tar.gz

SKILL.md:141

目录结构

1 文件 · 8.8 KB · 160 行

Markdown 1f · 160L

└─ 📝 SKILL.md Markdown 160L · 8.8 KB

安全亮点

✓ Skill restricts installation to single official source (artifact.lx.netease.com) with explicit prohibition of alternatives

✓ Agent does not self-execute installation; user manually runs commands as documented

✓ No credential harvesting or exfiltration - API key is stored locally via official CLI config

✓ No base64 encoding, eval(), or other code obfuscation patterns

✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)

✓ No reverse shell, C2 communication, or data theft indicators

✓ All network access is to official NetEase servers for legitimate service functionality

✓ Clear documentation of CLI capabilities and proper error handling for missing dependencies