Suspicious — Risk Score 47/100
Last scan: 18 hr ago
cloud-share-downloader
Cloud-drive share-link saving, fully automated: send a link and it downloads (original tagline: 网盘分享链接转存 - 完全自动化,发的链接就能下)
The skill's SKILL.md advertises fully-automated cloud share saving but the Python script only performs passive URL detection with no actual download, credential harvest, or network functionality — a doc-to-code mismatch suggesting either unfinished development or deceptive behavior.
Skill Name: cloud-share-downloader
Duration: 46.0s
Engine: pi
Use with caution
Do not use. The skill asks users to hand over their cloud-drive session cookies (a credential-phishing signal) and claims automation capabilities that the code does not implement. If the skill is legitimate, those features should be present in the code and declared in SKILL.md.

Attack Chain (3 steps)

1. Escalation: User is baited with the fully-automated cloud-download promise in SKILL.md (SKILL.md:1)
2. Escalation: Skill detects a Baidu or Aliyun URL and prompts the user to provide cookies via the 'how_to_help' message (scripts/download.py:35)
3. Escalation: User submits cookies; harvesting them would require code the skill does not currently contain (the present code is placeholder-only)

Findings (4 items)

Severity: High
Undeclared credential solicitation (Credential Theft)
The SKILL.md declares zero credential-access permissions, yet the code prompts users to provide cloud-platform cookies ('请提供网盘的Cookie', "please provide the cloud drive's Cookie") for Baidu and Aliyun. This is a credential-phishing signal: even without exfiltration code, the skill conditions users to hand over session cookies, which are bearer tokens for their cloud accounts.
Evidence: "how_to_help": "请提供网盘的Cookie,我可以帮你保存" ("Please provide the cloud drive's Cookie, I can help you save it")
→ Remove the cookie solicitation. If credential access is necessary, declare it explicitly in SKILL.md under allowed-tools and explain why it is needed and how the credentials are handled locally.
Location: scripts/download.py:35
Severity: High
Major doc-to-code functionality mismatch (Doc Mismatch)
SKILL.md advertises (1) fully automated download using yt-dlp, (2) saving the file to the user's cloud drive, and (3) returning a new share link. The Python code performs none of these operations: it only matches URL patterns and returns text dictionaries, and it imports nothing that could download anything (no yt-dlp, no HTTP client, no subprocess).
Evidence: # Cloud Share Downloader v2 - 完全自动化,无需登录 ("fully automated, no login required")
→ Either implement the declared features in code or update SKILL.md to describe accurately the URL-detection-only functionality.
Location: scripts/download.py:1
Severity: Medium
Version number inconsistency (Doc Mismatch)
SKILL.md declares version 3.0.0 while _meta.json declares 1.0.0 (and the header comment in scripts/download.py:1 calls the code "v2"). A bundle whose own metadata disagrees about its version cannot be pinned or audited reliably; this indicates poor maintenance and raises supply-chain integrity concerns.
Evidence: version: 3.0.0
→ Ensure consistent versioning across all metadata files.
Location: SKILL.md:1
Severity: Low
Trailing JSON appended to SKILL.md (Doc Mismatch)
SKILL.md ends with an embedded JSON block containing name/version/author whose version (1.0.0) differs from the frontmatter version (3.0.0). This suggests copy-paste errors or intentional inconsistency.
Evidence: { "name": "cloud-share-downloader", "version": "1.0.0", "author": "OpenClaw" }
→ Remove the duplicate JSON block from the SKILL.md body.
Location: SKILL.md:53
Resource | Declared | Inferred | Status | Evidence
Filesystem | NONE | NONE | - | No file read/write in code
Network | NONE | NONE | - | No network calls in code
Shell | NONE | NONE | - | No subprocess in code
Environment | NONE | NONE | - | No os.environ access
Credential | NONE | READ (textual request only) | ✗ Violation | scripts/download.py:35: 'how_to_help': '请提供网盘的Cookie' ("please provide the cloud drive's Cookie")
Skill Invoke | NONE | NONE | - | N/A
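The declared-versus-inferred table above and the four findings before it are all checks a reviewer can run statically before installing a skill bundle. The script below is an added example, not the scanner's or the skill's own code: it parses the Python source with `ast` to infer Network/Shell/Environment/Filesystem use and to find strings that solicit credentials, reads the SKILL.md frontmatter and `_meta.json` to compare versions, detects a trailing JSON block, and flags the doc-to-code mismatch when SKILL.md advertises downloading but the code has no network or shell capability. The three sample files are constructed to mirror the report's findings (they are not the real bundle), and the convention that SKILL.md declares capabilities in a comma-separated `allowed-tools` frontmatter key is an assumption.

```python
"""Static audit of an agent skill bundle: capability inference, credential
solicitation strings, and SKILL.md / _meta.json consistency (added example)."""
import ast
import json
import re

# Constructed sample bundle modelled on the report's findings (not the skill's real files).
SAMPLE_SKILL_MD = """---
name: cloud-share-downloader
version: 3.0.0
---
# Cloud Share Downloader
Fully automated: send a share link and it downloads it with yt-dlp.
{ "name": "cloud-share-downloader", "version": "1.0.0", "author": "OpenClaw" }
"""
SAMPLE_META_JSON = '{"name": "cloud-share-downloader", "version": "1.0.0"}'
SAMPLE_DOWNLOAD_PY = r'''
import re

PATTERNS = {
    "baidu": r"https://pan\.baidu\.com/s/\S+",
    "aliyun": r"https://www\.alipan\.com/s/\S+",
}

def detect(text):
    for platform, pat in PATTERNS.items():
        if re.search(pat, text):
            return {"platform": platform,
                    "how_to_help": "请提供网盘的Cookie,我可以帮你保存"}
    return {"platform": None}
'''

# Module or call prefixes that imply a capability (assumed mapping; extend as needed).
CAPABILITY_MARKERS = {
    "Network": ["urllib", "requests", "httpx", "socket", "http.client", "aiohttp"],
    "Shell": ["subprocess", "os.system", "os.popen"],
    "Environment": ["os.environ", "os.getenv"],
    "Filesystem": ["open", "shutil", "pathlib"],
}
CREDENTIAL_WORDS = re.compile(r"cookie|token|password|passwd|密码", re.I)
ADVERTISED_ACTIONS = re.compile(r"yt-dlp|download|save|转存|下载", re.I)


def _uses(marker, names):
    return any(n == marker or n.startswith(marker + ".") for n in names)


def infer_capabilities(source):
    """Return ({capability: [markers hit]}, [(lineno, string)]) from the AST."""
    tree = ast.parse(source)
    names, strings = set(), []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            names.update(alias.name for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            names.add(node.module)
        elif isinstance(node, ast.Call):
            names.add(ast.unparse(node.func))  # e.g. "requests.get", "open"
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            strings.append((node.lineno, node.value))
    inferred = {cap: [m for m in markers if _uses(m, names)]
                for cap, markers in CAPABILITY_MARKERS.items()}
    solicitations = [(ln, s) for ln, s in strings if CREDENTIAL_WORDS.search(s)]
    return inferred, solicitations


def parse_frontmatter(md):
    """Key: value pairs from the leading '---' block of SKILL.md."""
    m = re.match(r"---\n(.*?)\n---", md, re.S)
    fields = {}
    for line in (m.group(1).splitlines() if m else []):
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def trailing_json(md):
    """JSON object on the last non-empty line of SKILL.md, if any."""
    try:
        return json.loads(md.rstrip().splitlines()[-1])
    except (json.JSONDecodeError, IndexError):
        return None


def audit(skill_md, meta_json, py_source):
    """Return [(severity, title, evidence)] for the bundle."""
    findings = []
    fm, meta = parse_frontmatter(skill_md), json.loads(meta_json)
    if fm.get("version") != meta.get("version"):
        findings.append(("Medium", "Version mismatch",
                         f"SKILL.md {fm.get('version')} vs _meta.json {meta.get('version')}"))
    tail = trailing_json(skill_md)
    if tail is not None and tail.get("version") != fm.get("version"):
        findings.append(("Low", "Trailing JSON in SKILL.md", json.dumps(tail)))
    # Assumed convention: capabilities are declared in a comma-separated allowed-tools key.
    declared = {t.strip() for t in fm.get("allowed-tools", "").split(",") if t.strip()}
    inferred, solicitations = infer_capabilities(py_source)
    for cap, hits in inferred.items():
        if hits and cap not in declared:
            findings.append(("High", f"Undeclared {cap} access", ", ".join(hits)))
    if solicitations and "credential" not in declared:
        ln, text = solicitations[0]
        findings.append(("High", "Undeclared credential solicitation", f"line {ln}: {text!r}"))
    if ADVERTISED_ACTIONS.search(skill_md) and not (inferred["Network"] or inferred["Shell"]):
        findings.append(("High", "Doc-to-code mismatch",
                         "SKILL.md advertises downloading/saving but code has no network or shell capability"))
    return findings


if __name__ == "__main__":
    for sev, title, evidence in audit(SAMPLE_SKILL_MD, SAMPLE_META_JSON, SAMPLE_DOWNLOAD_PY):
        print(f"{sev:6} {title}: {evidence}")
```

The AST walk is deliberately shallow: it catches direct imports and calls, which is enough to reproduce this report's "NONE inferred" rows, but a bundle that builds module names with `__import__` or `importlib` at runtime would slip past it, so treat an empty inferred column as necessary, not sufficient, evidence of a harmless skill.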
External URLs (2 findings)
Medium | External URL | https://pan.baidu.com/s/xxxxx | SKILL.md:22
Medium | External URL | https://www.alipan.com/s/xxxxx | SKILL.md:23

File Tree

3 files · 4.2 KB · 162 lines
Python 1f · 104L Markdown 1f · 53L JSON 1f · 5L
├─ 📁 scripts
│ └─ 🐍 download.py Python 104L · 3.0 KB
├─ 📋 _meta.json JSON 5L · 85 B
└─ 📝 SKILL.md Markdown 53L · 1.1 KB

Security Positives

✓ Code makes zero network requests (no urllib, requests, httpx, socket calls)
✓ No subprocess or shell execution present in code
✓ No environment variable enumeration
✓ No sensitive file access (~/.ssh, ~/.aws, .env)
✓ No base64 encoding, obfuscation, or dynamic code generation
✓ No persistence mechanisms (no cron, autostart, or startup hooks)
✓ No supply chain dependencies declared (no requirements.txt, package.json, or Cargo.toml); note that the yt-dlp advertised in SKILL.md is neither declared nor imported