中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:21 小时前 重新扫描
5 /100
baidupcs-go
百度网盘命令行客户端工具技能 — wraps BaiduPCS-Go CLI for file upload, download, transfer, and sharing
This is a pure-documentation skill that wraps a legitimate open-source Baidu Netdisk CLI tool (BaiduPCS-Go). No executable scripts, no code, no malicious indicators.
技能名称baidupcs-go
分析耗时27.4s
引擎pi
可以安装
This skill is safe to use. No action required.

安全发现 1 项

严重性 安全发现 位置
提示
Hardcoded IP in user_agent documentation example 文档欺骗
The BaiduPCS-Go.md documentation includes a user_agent example containing the IP '2.2.51.6'. This is a Baidu netdisk client identifier used as a CDN/serial number in User-Agent strings sent to Baidu's official API servers. It is not a C2 IP address.
BaiduPCS-Go config set -user_agent "netdisk;2.2.51.6;netdisk;10.0.63;PC;android-android"
→ No action needed. This is a standard Baidu netdisk User-Agent format, not external IP contact.
 BaiduPCS-Go.md:694
资源类型声明权限推断权限状态证据
文件系统 NONE NONE No filesystem access in skill — file operations delegated to installed BaiduPCS-…
网络访问 NONE NONE Skill issues no network requests; external traffic is Baidu API only (via instal…
命令执行 NONE NONE No shell invocation in skill files
环境变量 NONE NONE BAIDUPCS_GO_CONFIG_DIR is documented as optional, not accessed by skill code
技能调用 NONE NONE No inter-skill invocations
剪贴板 NONE NONE Not accessed
浏览器 NONE NONE Not accessed
数据库 NONE NONE Not accessed
1 高危 11 项发现
📡
高危 IP 地址 硬编码 IP 地址
2.2.51.6
BaiduPCS-Go.md:694
🔗
中危 外部 URL 外部 URL
https://baike.baidu.com/item/通配符
BaiduPCS-Go.md:87
🔗
中危 外部 URL 外部 URL
https://wws.lanzoui.com/b01berebe
BaiduPCS-Go.md:327
🔗
中危 外部 URL 外部 URL
https://termux.com
BaiduPCS-Go.md:357
🔗
中危 外部 URL 外部 URL
https://web.archive.org/web/20190820154934/https://github.com/iikira/BaiduPCS-Go/wiki/Android-%E8%BF%90%E8%A1%8C%E6%9C%A...
BaiduPCS-Go.md:359
🔗
中危 外部 URL 外部 URL
https://web.archive.org/web/20190820155025/https://github.com/iikira/BaiduPCS-Go/wiki/iOS-%E8%BF%90%E8%A1%8C%E6%9C%AC%E9...
BaiduPCS-Go.md:363
🔗
中危 外部 URL 外部 URL
https://blog.csdn.net/ykiwmy/article/details/103730962
BaiduPCS-Go.md:396
🔗
中危 外部 URL 外部 URL
https://jingyan.baidu.com/article/5553fa829a6a9e65a23934b0.html
BaiduPCS-Go.md:405
🔗
中危 外部 URL 外部 URL
https://pan.baidu.com/s/12L_ZZVNxz5f_2CccoyyVrW
BaiduPCS-Go.md:825
🔗
中危 外部 URL 外部 URL
https://pan.baidu.com/s/12L_ZZVNxz5f_2CccoyyVrW?pwd=edv4
BaiduPCS-Go.md:827
🔗
中危 外部 URL 外部 URL
http://baidu.com
BaiduPCS-Go.md:910

目录结构

4 文件 · 38.0 KB · 1315 行
Markdown 2f · 1220L JSON 2f · 95L
├─ 📝 BaiduPCS-Go.md Markdown 1170L · 33.7 KB
├─ 📋 commands.json JSON 77L · 2.2 KB
├─ 📋 package.json JSON 18L · 344 B
└─ 📝 SKILL.md Markdown 50L · 1.6 KB

安全亮点

✓ No executable scripts present — skill is pure documentation
✓ No credential harvesting or environment variable iteration
✓ No base64-encoded payloads, reverse shells, or obfuscation
✓ No curl|bash or wget|sh remote script execution
✓ No access to sensitive local paths (~/.ssh, ~/.aws, .env)
✓ No allowed-tools declarations that could be abused
✓ Legitimate open-source tool (qjfoidnh/BaiduPCS-Go fork of iikira/BaiduPCS-Go v3.6.2)