Low risk: risk score 25/100
Last scanned: 1 day ago
baidu-netdisk-skill
Baidu Netdisk file management for OpenClaw - List, search, download, upload with OAuth 2.0
The skill is a legitimate Baidu Netdisk management tool with no malicious behavior, but suffers from a hardcoded encryption key that defeats the stated AES-256 token protection claim.
Skill name: baidu-netdisk-skill
Analysis time: 50.0s
Engine: pi
OK to install
Replace the hardcoded ENCRYPTION_KEY with a properly derived key (e.g., PBKDF2 from user-supplied password) or use a platform keychain. Pin dependency versions and correct the tools:["exec"] declaration which overstates actual capabilities.

Security findings: 4

Severity · Finding · Location
Medium · Hardcoded AES-256 encryption key [Sensitive access]
The encryption key used to protect OAuth tokens is derived from a static, publicly known string 'baidu-netdisk-skill-secret-2026'. Anyone with access to the source code can trivially decrypt all stored access/refresh tokens. This defeats the stated 'AES-256 token encryption' security claim.
const ENCRYPTION_KEY = process.env.ENCRYPTION_KEY || crypto.createHash('sha256').update('baidu-netdisk-skill-secret-2026').digest('hex');
→ Derive the key from a user-provided password using PBKDF2, or leverage OS keychain APIs (Keychain on macOS, GNOME Keyring on Linux). Fallback to static string should be removed entirely.
src/auth.js:44
Medium · Hardcoded AES-256 encryption key (duplicate) [Sensitive access]
Identical hardcoded key pattern in baidu-api.js, line 21. Both auth.js and baidu-api.js must be patched together.
const ENCRYPTION_KEY = process.env.ENCRYPTION_KEY || crypto.createHash('sha256').update('baidu-netdisk-skill-secret-2026').digest('hex');
→ Use a centralized key derivation approach shared across both files.
src/baidu-api.js:21
Low · Tool declaration overstates actual capabilities [Documentation deception]
skill.json declares tools:["exec"] implying shell execution capability (shell:WRITE), but the codebase contains zero subprocess/spawn calls. The tool is a pure Node.js HTTP client. This mismatch between declared and actual permissions could mislead security reviewers.
"tools": ["exec"]
→ Update skill.json tools array to reflect actual capabilities. No shell execution is used.
skill.json:12
Low · Unpinned npm dependencies [Supply chain]
All dependencies in package.json use caret (^) version ranges (e.g., axios@^1.6.0, crypto-js@^4.2.0). This allows automatic minor/patch updates which could introduce malicious or vulnerable versions without explicit review.
"axios": "^1.6.0", "crypto-js": "^4.2.0", "commander": "^11.1.0", "conf": "^10.2.0", "ora": "^5.4.1", "chalk": "^4.1.2"
→ Pin all dependency versions to exact versions (remove ^ prefix) and use package-lock.json consistently.
package.json:39
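| Resource type | Declared permission | Inferred permission | Status | Evidence |
| --- | --- | --- | --- | --- |
| Filesystem | NONE | READ | ✓ Consistent | src/index.js:179 — reads localPath via fs.existsSync and fs.statSync for upload … |
| Network access | READ | READ | ✓ Consistent | All HTTP calls exclusively to pan.baidu.com and openapi.baidu.com (Baidu officia… |
| Command execution | WRITE | NONE | ✓ Consistent | skill.json tools:["exec"] implies shell:WRITE, but no subprocess/spawn calls exi… |
| Environment variables | NONE | READ | ✓ Consistent | auth.js:51-52 reads BAI_DU_API_KEY and BAI_DU_SECRET_KEY from process.env |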
27 findings
Medium · External URL · https://img.shields.io/badge/License-MIT-yellow.svg · README.md:5
Medium · External URL · https://opensource.org/licenses/MIT · README.md:5
Medium · External URL · https://img.shields.io/badge/Node.js-%3E%3D18.0.0-green.svg · README.md:6
Medium · External URL · https://nodejs.org/ · README.md:6
Medium · External URL · https://img.shields.io/badge/ClawHub-Skill-blue.svg · README.md:7
Medium · External URL · https://clawhub.ai/ · README.md:7
Medium · External URL · https://img.shields.io/badge/Security-Self--Audited-brightgreen.svg · README.md:8
Medium · External URL · https://img.shields.io/badge/Privacy-No%20Data%20Collection-success.svg · README.md:9
Medium · External URL · https://pan.baidu.com/union/console · README.md:150
Medium · External URL · https://clawhub.ai/niukesi/baidu-netdisk-skill · TODO.md:60
Medium · External URL · https://pan.baidu.com/union/apply · docs/QUICKSTART.md:7
Medium · External URL · https://openapi.baidu.com/oauth/2.0/authorize? · docs/QUICKSTART.md:30
Medium · External URL · https://openapi.baidu.com/oauth/2.0/token?grant_type=authorization_code&code=你的 · docs/QUICKSTART.md:40
Medium · External URL · https://opencollective.com/eslint · package-lock.json:43
Medium · External URL · https://www.patreon.com/feross · package-lock.json:331
Medium · External URL · https://feross.org/support · package-lock.json:335
Medium · External URL · https://eslint.org/version-support · package-lock.json:723
Medium · External URL · https://opencollective.com/fastify · package-lock.json:925
Medium · External URL · https://openapi.baidu.com/oauth/2.0/authorize?response_type=code&client_id=$ · src/auth.js:54
Medium · External URL · https://openapi.baidu.com/oauth/2.0/token · src/auth.js:80
Medium · External URL · https://pan.baidu.com/rest/2.0/xpan · src/baidu-api.js:40
Medium · External URL · https://pan.baidu.com/union/doc/pksg0s9ns · src/baidu-api.js:99
Medium · External URL · https://pan.baidu.com/rest/2.0/xpan/nas · src/baidu-api.js:103
Medium · External URL · https://pan.baidu.com/rest/2.0/xpan/file · src/baidu-api.js:131
Info · Email address · [email protected] · README.md:299
Info · Email address · [email protected] · SECURITY.md:161
Info · Email address · [email protected] · package-lock.json:1085

Directory structure

13 files · 121.0 KB · 3972 lines
JSON 4f · 2271L | Markdown 5f · 907L | JavaScript 3f · 686L | Shell 1f · 108L
├─ 📁 docs
│ └─ 📝 QUICKSTART.md Markdown 147L · 2.9 KB
├─ 📁 src
│ ├─ 📜 auth.js JavaScript 123L · 4.0 KB
│ ├─ 📜 baidu-api.js JavaScript 324L · 8.3 KB
│ └─ 📜 index.js JavaScript 239L · 7.3 KB
├─ 📋 _meta.json JSON 5L · 138 B
├─ 📋 package-lock.json JSON 2101L · 72.8 KB
├─ 📋 package.json JSON 61L · 1.4 KB
├─ 📝 README.md Markdown 361L · 8.8 KB
├─ 📝 SECURITY.md Markdown 197L · 3.9 KB
├─ 📋 skill.json JSON 104L · 3.2 KB
├─ 📝 SKILL.md Markdown 126L · 3.4 KB
├─ 🔧 test-local.sh Shell 108L · 3.2 KB
└─ 📝 TODO.md Markdown 76L · 1.7 KB

Dependency analysis: 6 items

| Package | Version | Source | Known vulnerabilities | Notes |
| --- | --- | --- | --- | --- |
| axios | ^1.6.0 | npm | | Version not pinned (caret range) |
| crypto-js | ^4.2.0 | npm | | Version not pinned; used for encryption (affected by hardcoded key) |
| commander | ^11.1.0 | npm | | Version not pinned |
| conf | ^10.2.0 | npm | | Version not pinned; handles config storage |
| ora | ^5.4.1 | npm | | Version not pinned; terminal spinner |
| chalk | ^4.1.2 | npm | | Version not pinned; terminal styling |

Security highlights

✓ No reverse shell, C2, or data exfiltration to third-party servers — all network traffic is exclusively to Baidu official APIs
✓ No base64-encoded execution, eval(), or other code obfuscation patterns
✓ No access to sensitive local paths (~/.ssh, ~/.aws, .env, credential files)
✓ No credential harvesting — tokens stored locally only, not transmitted elsewhere
✓ OAuth flow uses Baidu's official authorization page with user interaction
✓ Source code is straightforward and auditable — no hidden functionality found
✓ No curl|bash or wget|sh remote script execution patterns