安全决策报告
youdaonote
Skill implements a legitimate Youdao Cloud Notes CLI wrapper but documents a dangerous curl|bash installation pattern without adequate warnings, presenting moderate risk despite official source restrictions.
最直接的威胁证据
严重 危险命令
curl -fsSL https://artifact.lx.netease.com/download/youdaonote-cli/install.sh | bash 为什么得出这个结论
1/4 个维度触发 通过
声明与实际能力
声明资源与推断能力基本一致。
阻止
隐藏执行与外联
提取到 1 个高危 IOC 或外联信号。
通过
攻击链与高危发现
没有形成明确的恶意路径。
复核
依赖与供应链卫生
没有完整依赖信息,供应链判断需要保留弹性。
风险分是怎么被拉高的
Dangerous curl|bash pattern +25
Line 134 documents remote script execution via pipe to bash without explicit danger warnings in the command context
Missing allowed-tools declaration +10
SKILL.md frontmatter lacks allowed-tools; using Bash implies shell:WRITE capability not formally declared
Insufficient danger disclosure +7
While the skill mentions '建议用户在执行前确认命令来源可信', the warning appears late and lacks emphasis compared to the prominent install command
最关键的证据
中危
Dangerous curl|bash installation pattern documented
Line 134 presents `curl -fsSL https://artifact.lx.netease.com/download/youdaonote-cli/install.sh | bash` as the official installation method. While restricted to official source and user-executed (not agent self-execution), the curl|bash anti-pattern is inherently dangerous as it bypasses script review.
SKILL.md:134 Replace with safer pattern: 1) Download to file, 2) User reviews content, 3) User executes with confirmation. Or add prominent warning: '⚠️ SECURITY WARNING: This command downloads and executes a script from the internet. Only proceed if you trust the source.'
低危
Missing allowed-tools declaration in frontmatter
The SKILL.md frontmatter lacks allowed-tools declaration. The skill implicitly requires Bash access (shell:WRITE) to execute youdaonote CLI commands, but this is not formally declared.
SKILL.md:1 Add to frontmatter: `allowedTools: ["Bash"]` to formally declare shell:WRITE capability requirement.
低危
Late and understated security guidance
Security guidance '建议用户在执行前确认命令来源可信' appears only in the Windows section and is not prominently displayed near the curl|bash command for macOS/Linux.
SKILL.md:128 Move warning to a prominent position before the installation commands, with stronger language and visual emphasis.
声明能力 vs 实际能力
命令执行 通过
声明 NONE
→ 推断 WRITE
SKILL.md:46-48, 134 - Uses Bash commands (youdaonote CLI invocations) implying shell:WRITE 网络访问 通过
声明 NONE
→ 推断 READ
SKILL.md:134,140-141 - Downloads from official artifact.lx.netease.com; API calls to mopen.163.com for Youdao service 文件系统 通过
声明 NONE
→ 推断 READ
SKILL.md:46-48 - Uses --file flag for large content transfer (note.json, content.md) 可疑产物与外联
严重 危险命令
curl -fsSL https://artifact.lx.netease.com/download/youdaonote-cli/install.sh | bash SKILL.md:134
中危 外部 URL
https://mopen.163.com** SKILL.md:17
中危 外部 URL
https://artifact.lx.netease.com/download/youdaonote-cli/install.sh SKILL.md:126
中危 外部 URL
https://artifact.lx.netease.com/download/youdaonote-cli/youdaonote-cli-windows-x64.tar.gz SKILL.md:140
中危 外部 URL
https://artifact.lx.netease.com/download/youdaonote-cli/youdaonote-cli-windows-arm64.tar.gz SKILL.md:141
依赖与供应链
没有结构化依赖告警。
文件构成
1 个文件 · 160 行
Markdown 1 个文件 · 160 行
需关注文件 · 1
SKILL.md Dangerous curl|bash installation pattern documented · Missing allowed-tools declaration in frontmatter · Late and understated security guidance · curl -fsSL https://artifact.lx.netease.com/download/youdaonote-cli/install.sh | bash · https://mopen.163.com** · https://artifact.lx.netease.com/download/youdaonote-cli/install.sh · https://artifact.lx.netease.com/download/youdaonote-cli/youdaonote-cli-windows-x64.tar.gz · https://artifact.lx.netease.com/download/youdaonote-cli/youdaonote-cli-windows-arm64.tar.gz
安全亮点
Skill restricts installation to single official source (artifact.lx.netease.com) with explicit prohibition of alternatives
Agent does not self-execute installation; user manually runs commands as documented
No credential harvesting or exfiltration - API key is stored locally via official CLI config
No base64 encoding, eval(), or other code obfuscation patterns
No access to sensitive paths (~/.ssh, ~/.aws, .env)
No reverse shell, C2 communication, or data theft indicators
All network access is to official NetEase servers for legitimate service functionality
Clear documentation of CLI capabilities and proper error handling for missing dependencies