Suspicious: risk score 47/100
Last scan: 18 hours ago
cloud-share-downloader
Cloud drive share-link saving: fully automated, just send the link and it downloads
The skill's SKILL.md advertises fully-automated cloud share saving but the Python script only performs passive URL detection with no actual download, credential harvest, or network functionality — a doc-to-code mismatch suggesting either unfinished development or deceptive behavior.
Skill name: cloud-share-downloader
Analysis time: 46.0s
Engine: pi
Use with caution
Do not use. The skill requests Cookie authorization from users (credential phishing signal) and claims automation capabilities that the code does not implement. If the skill is legitimate, these features should be present in the code and declared in SKILL.md.

Attack chain (3 steps)

Step 1 (privilege escalation): User is baited with the fully-automated cloud download promise in SKILL.md (SKILL.md:1)
Step 2 (privilege escalation): Skill detects a Baidu or Aliyun URL and prompts the user to provide cookies via the 'how_to_help' message (scripts/download.py:35)
Step 3 (privilege escalation): User submits cookies; harvesting them would require the skill to extend its code (the current code is placeholder-only)

Security findings (4)

Severity / Finding / Location

High
Undeclared credential solicitation (Credential theft)
The SKILL.md declares zero credential access permissions, yet the code prompts users to provide cloud platform cookies ('请提供网盘的Cookie') for Baidu and Aliyun. This is a credential phishing signal — even without exfiltration code, the skill conditions users to share sensitive authentication tokens.
"how_to_help": "请提供网盘的Cookie,我可以帮你保存"
→ Remove cookie solicitation. If credential access is necessary, declare it explicitly in SKILL.md under allowed-tools and explain why it is needed and how credentials are handled locally.
scripts/download.py:35
High
Major doc-to-code functionality mismatch (Documentation deception)
SKILL.md advertises: (1) fully automated download using yt-dlp, (2) file saving to the user's cloud drive, and (3) return of a new share link. The Python code performs zero of these operations — it only matches URL patterns and returns text dictionaries. The advertised capabilities are entirely absent.
# Cloud Share Downloader v2 - fully automated, no login required
→ Either implement the declared features in code or update SKILL.md to accurately describe the limited URL-detection-only functionality.
scripts/download.py:1
Medium
Version number inconsistency (Documentation deception)
SKILL.md declares version 3.0.0 while _meta.json declares 1.0.0. This inconsistency indicates poor maintenance and raises concerns about supply chain integrity.
version: 3.0.0
→ Ensure consistent versioning across all metadata files.
SKILL.md:1
Low
Trailing JSON appended to SKILL.md (Documentation deception)
SKILL.md ends with an embedded JSON block containing name/version/author, which differs from the frontmatter version. This suggests copy-paste errors or intentional inconsistency.
{ "name": "cloud-share-downloader", "version": "1.0.0", "author": "OpenClaw" }
→ Remove duplicate JSON block from SKILL.md body.
SKILL.md:53
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | NONE | NONE | | No file read/write in code |
| Network access | NONE | NONE | | No network calls in code |
| Command execution | NONE | NONE | | No subprocess in code |
| Environment variables | NONE | NONE | | No os.environ access |
| Credentials | NONE | READ (textual request only) | ✗ Over-privileged | scripts/download.py:35: 'how_to_help': '请提供网盘的Cookie' |
| Skill invocation | NONE | NONE | | N/A |
External URLs (2 findings)

Medium, External URL: https://pan.baidu.com/s/xxxxx (SKILL.md:22)
Medium, External URL: https://www.alipan.com/s/xxxxx (SKILL.md:23)

Directory structure

3 files · 4.2 KB · 162 lines
Python: 1 file · 104 lines; Markdown: 1 file · 53 lines; JSON: 1 file · 5 lines
├─ 📁 scripts
│ └─ 🐍 download.py Python 104L · 3.0 KB
├─ 📋 _meta.json JSON 5L · 85 B
└─ 📝 SKILL.md Markdown 53L · 1.1 KB

Security highlights

✓ Code makes zero network requests (no urllib, requests, httpx, socket calls)
✓ No subprocess or shell execution present in code
✓ No environment variable enumeration
✓ No sensitive file access (~/.ssh, ~/.aws, .env)
✓ No base64 encoding, obfuscation, or dynamic code generation
✓ No persistence mechanisms (no cron, autostart, or startup hooks)
✓ No supply chain dependencies declared (no requirements.txt, package.json, or Cargo.toml)