安全决策报告
cloud-share-downloader
The skill's SKILL.md advertises fully-automated cloud share saving but the Python script only performs passive URL detection with no actual download, credential harvest, or network functionality — a doc-to-code mismatch suggesting either unfinished development or deceptive behavior.
最直接的威胁证据
01
User is baited with fully-automated cloud download promise in SKILL.md recon · SKILL.md
02
Skill detects Baidu or Aliyun URL and prompts user to provide cookies via 'how_to_help' message credential_phishing · scripts/download.py
03
User submits cookies, which the skill would need to expand code to harvest (current code is placeholder-only) credential_phishing
为什么得出这个结论
2/4 个维度触发 阻止
声明与实际能力
发现 1 项声明之外的能力或越权行为。
复核
隐藏执行与外联
提取到 2 个一般风险产物,需要结合上下文判断。
阻止
攻击链与高危发现
报告包含 3 步攻击链,另有 2 项高危或严重发现。
复核
依赖与供应链卫生
没有完整依赖信息,供应链判断需要保留弹性。
攻击链
01
User is baited with fully-automated cloud download promise in SKILL.md
recon · SKILL.md:1
02
Skill detects Baidu or Aliyun URL and prompts user to provide cookies via 'how_to_help' message
credential_phishing · scripts/download.py:35
03
User submits cookies, which the skill would need to expand code to harvest (current code is placeholder-only)
credential_phishing
风险分是怎么被拉高的
Undeclared cookie request to users +20
SKILL.md declares zero credential access, but code asks users to provide cookies for Baidu/Aliyun cloud via 'how_to_help' — credential phishing signal
Doc-to-code mismatch +15
SKILL.md advertises '完全自动化' (fully automated) with yt-dlp, file saving, and share link return; code contains zero of this functionality
Version mismatch +5
SKILL.md declares version 3.0.0 but _meta.json says 1.0.0
No shell execution in code +-5
Code makes no subprocess/shell calls; the described yt-dlp usage exists only as comment text
No network requests in code +-5
No urllib, requests, or socket calls found; no exfiltration possible through current code
No sensitive file access +-3
Code only reads sys.argv and string-matches the URL
最关键的证据
高危 凭证窃取
Undeclared credential solicitation
The SKILL.md declares zero credential access permissions, yet the code prompts users to provide cloud platform cookies ('请提供网盘的Cookie') for Baidu and Aliyun. This is a credential phishing signal — even without exfiltration code, the skill conditions users to share sensitive authentication tokens.
scripts/download.py:35 Remove cookie solicitation. If credential access is necessary, declare it explicitly in SKILL.md under allowed-tools and explain why it is needed and how credentials are handled locally.
高危 文档欺骗
Major doc-to-code functionality mismatch
SKILL.md advertises: (1) fully automated download using yt-dlp, (2) file saving to the user's cloud drive, and (3) return of a new share link. The Python code performs zero of these operations — it only matches URL patterns and returns text dictionaries. The advertised capabilities are entirely absent.
scripts/download.py:1 Either implement the declared features in code or update SKILL.md to accurately describe the limited URL-detection-only functionality.
中危 文档欺骗
Version number inconsistency
SKILL.md declares version 3.0.0 while _meta.json declares 1.0.0. This inconsistency indicates poor maintenance and raises concerns about supply chain integrity.
SKILL.md:1 Ensure consistent versioning across all metadata files.
低危 文档欺骗
Trailing JSON appended to SKILL.md
SKILL.md ends with an embedded JSON block containing name/version/author, which differs from the frontmatter version. This suggests copy-paste errors or intentional inconsistency.
SKILL.md:53 Remove duplicate JSON block from SKILL.md body.
声明能力 vs 实际能力
文件系统 通过
声明 NONE
→ 推断 NONE
No file read/write in code 网络访问 通过
声明 NONE
→ 推断 NONE
No network calls in code 命令执行 通过
声明 NONE
→ 推断 NONE
No subprocess in code 环境变量 通过
声明 NONE
→ 推断 NONE
No os.environ access credential 阻止
声明 NONE
→ 推断 READ (textual request only)
scripts/download.py:35 — 'how_to_help': '请提供网盘的Cookie' 技能调用 通过
声明 NONE
→ 推断 NONE
N/A 可疑产物与外联
中危 外部 URL
https://pan.baidu.com/s/xxxxx SKILL.md:22
中危 外部 URL
https://www.alipan.com/s/xxxxx SKILL.md:23
依赖与供应链
没有结构化依赖告警。
文件构成
3 个文件 · 162 行
Python 1 个文件 · 104 行Markdown 1 个文件 · 53 行JSON 1 个文件 · 5 行
需关注文件 · 2
scripts/download.py Undeclared credential solicitation · Major doc-to-code functionality mismatch
SKILL.md Version number inconsistency · Trailing JSON appended to SKILL.md · https://pan.baidu.com/s/xxxxx · https://www.alipan.com/s/xxxxx
其他文件 · _meta.json
安全亮点
Code makes zero network requests (no urllib, requests, httpx, socket calls)
No subprocess or shell execution present in code
No environment variable enumeration
No sensitive file access (~/.ssh, ~/.aws, .env)
No base64 encoding, obfuscation, or dynamic code generation
No persistence mechanisms (no cron, autostart, or startup hooks)
No supply chain dependencies declared (no requirements.txt, package.json, or Cargo.toml)