Skill Trust Decision

cloud-share-downloader

Name: cloud-share-downloader Trust Review Report
Item: cloud-share-downloader
Rating: 53
Author: ClawSafe

The skill's SKILL.md advertises fully-automated cloud share saving but the Python script only performs passive URL detection with no actual download, credential harvest, or network functionality — a doc-to-code mismatch suggesting either unfinished development or deceptive behavior.

Install decision first Source: Manual upload Scanned: Apr 5, 2026

Files 3

Artifacts 2

Violations 1

Findings 4

Most direct threat evidence

User is baited with fully-automated cloud download promise in SKILL.md recon · SKILL.md

Skill detects Baidu or Aliyun URL and prompts user to provide cookies via 'how_to_help' message credential_phishing · scripts/download.py

User submits cookies, which the skill would need to expand code to harvest (current code is placeholder-only) credential_phishing

Why this conclusion was reached

2/4 dimensions flagged

Block

Declared vs actual capability

1 undeclared or violating capabilities were inferred.

Review

Hidden execution and egress

2 lower-risk artifacts were extracted and still need context.

Block

Attack chain and severe findings

The report includes 3 attack-chain steps and 2 severe findings.

Review

Dependencies and supply chain hygiene

Dependency information is incomplete, so supply-chain confidence stays limited.

Attack Chain

User is baited with fully-automated cloud download promise in SKILL.md

recon · SKILL.md:1

Skill detects Baidu or Aliyun URL and prompts user to provide cookies via 'how_to_help' message

credential_phishing · scripts/download.py:35

User submits cookies, which the skill would need to expand code to harvest (current code is placeholder-only)

credential_phishing

What drove the risk score up

Undeclared cookie request to users +20

SKILL.md declares zero credential access, but code asks users to provide cookies for Baidu/Aliyun cloud via 'how_to_help' — credential phishing signal

Doc-to-code mismatch +15

SKILL.md advertises '完全自动化' (fully automated) with yt-dlp, file saving, and share link return; code contains zero of this functionality

Version mismatch +5

SKILL.md declares version 3.0.0 but _meta.json says 1.0.0

No shell execution in code +-5

Code makes no subprocess/shell calls; the described yt-dlp usage exists only as comment text

No network requests in code +-5

No urllib, requests, or socket calls found; no exfiltration possible through current code

No sensitive file access +-3

Code only reads sys.argv and string-matches the URL

Most important evidence

High Credential Theft

Undeclared credential solicitation

The SKILL.md declares zero credential access permissions, yet the code prompts users to provide cloud platform cookies ('请提供网盘的Cookie') for Baidu and Aliyun. This is a credential phishing signal — even without exfiltration code, the skill conditions users to share sensitive authentication tokens.

scripts/download.py:35

Remove cookie solicitation. If credential access is necessary, declare it explicitly in SKILL.md under allowed-tools and explain why it is needed and how credentials are handled locally.

High Doc Mismatch

Major doc-to-code functionality mismatch

SKILL.md advertises: (1) fully automated download using yt-dlp, (2) file saving to the user's cloud drive, and (3) return of a new share link. The Python code performs zero of these operations — it only matches URL patterns and returns text dictionaries. The advertised capabilities are entirely absent.

scripts/download.py:1

Either implement the declared features in code or update SKILL.md to accurately describe the limited URL-detection-only functionality.

Medium Doc Mismatch

Version number inconsistency

SKILL.md declares version 3.0.0 while _meta.json declares 1.0.0. This inconsistency indicates poor maintenance and raises concerns about supply chain integrity.

SKILL.md:1

Ensure consistent versioning across all metadata files.

Low Doc Mismatch

Trailing JSON appended to SKILL.md

SKILL.md ends with an embedded JSON block containing name/version/author, which differs from the frontmatter version. This suggests copy-paste errors or intentional inconsistency.

SKILL.md:53

Remove duplicate JSON block from SKILL.md body.

Declared capability vs actual capability

Filesystem Pass

Declared NONE

→

Inferred NONE

No file read/write in code

Network Pass

Declared NONE

→

Inferred NONE

No network calls in code

Shell Pass

Declared NONE

→

Inferred NONE

No subprocess in code

Environment Pass

Declared NONE

→

Inferred NONE

No os.environ access

credential Block

Declared NONE

→

Inferred READ (textual request only)

scripts/download.py:35 — 'how_to_help': '请提供网盘的Cookie'

Skill Invoke Pass

Declared NONE

→

Inferred NONE

N/A

Suspicious artifacts and egress

Medium External URL

https://pan.baidu.com/s/xxxxx

SKILL.md:22

Medium External URL

https://www.alipan.com/s/xxxxx

SKILL.md:23

Dependencies and supply chain

There are no structured dependency warnings.

File composition

3 files · 162 lines

Python 1 files · 104 linesMarkdown 1 files · 53 linesJSON 1 files · 5 lines

Files of concern · 2

scripts/download.py Python · 104 lines

Undeclared credential solicitation · Major doc-to-code functionality mismatch

SKILL.md Markdown · 53 lines

Version number inconsistency · Trailing JSON appended to SKILL.md · https://pan.baidu.com/s/xxxxx · https://www.alipan.com/s/xxxxx

Other files · _meta.json

Security positives

Code makes zero network requests (no urllib, requests, httpx, socket calls)

No subprocess or shell execution present in code

No environment variable enumeration

No sensitive file access (~/.ssh, ~/.aws, .env)

No base64 encoding, obfuscation, or dynamic code generation

No persistence mechanisms (no cron, autostart, or startup hooks)

No supply chain dependencies declared (no requirements.txt, package.json, or Cargo.toml)