← Back to Skills Marketplace
ugpoor

Baidu Pan OAuth2 Auth

by superStupidBear · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
81
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install baidu-pan-per-auth-skill
Description
百度网盘OAuth2.0授权码模式,获取/刷新access_token。触发词:百度网盘授权、baidu pan auth、access_token过期、refresh_token刷新、百度网盘token。适用场景:(1)首次授权获取token (2)token过期后刷新 (3)定时刷新token保活。
README (SKILL.md)

百度网盘个人应用授权

前提

已有百度网盘开放平台应用(https://pan.baidu.com/union/doc/al0rwqzzl),.env文件含AppKey和SecretKey。

参考 assets/example.env 创建.env文件,填入实际凭据。

授权流程

首次授权(3步)

Step 1 — 浏览器打开授权页:

https://openapi.baidu.com/oauth/2.0/authorize?response_type=code&client_id={AppKey}&redirect_uri=oob&scope=basic,netdisk&device_id={AppID}

用户登录→点授权→页面显示授权码code(10分钟有效,仅一次)

Step 2 — 换取Token:

python3 scripts/auth.py code \x3Ccode> \x3C/path/to/.env>

成功后.env自动更新AccessToken/RefreshToken/ExpiresIn/Scope/AuthDate

Step 3 — 验证:

curl -s 'https://pan.baidu.com/rest/2.0/xpan/nas?method=uinfo&access_token={AccessToken}' -H 'User-Agent: pan.baidu.com'

返回errno=0即有效。

刷新Token(过期后)

access_token有效期30天。过期后用refresh_token刷新:

python3 scripts/auth.py refresh \x3C/path/to/.env>

刷新后.env自动更新所有token字段(含新refresh_token)。旧refresh_token立即失效。

定时刷新(推荐)

建议每25天自动刷新,避免token过期。通过cron定时任务实现:

cron add → schedule: {"kind":"every","everyMs":2160000000}(25天)
         → payload.message: "执行百度网盘token刷新:运行 python3 \x3Cskill_path>/scripts/auth.py refresh \x3C/path/to/.env>,报告结果"
         → sessionTarget: isolated

或用CLI:

openclaw cron add --name "百度网盘token刷新" --every 25d --session isolated \
  --message "执行百度网盘token刷新:运行 python3 \x3Cskill_path>/scripts/auth.py refresh \x3C/path/to/.env>,报告结果"

关键参数

参数 说明
redirect_uri oob 必须与开放平台配置一致
code有效期 10分钟 仅一次
access_token有效期 30天 刷新后旧token失效
refresh_token有效期 10年 仅一次使用,刷新后返回新refresh_token
scope basic,netdisk 固定值

故障排查

  • error: invalid_grant → code过期或已使用,重新授权
  • error: invalid_refresh_token → refresh_token已用或过期,需重新授权(Step 1)
  • 网络超时 → 国内直连即可,无需代理
Usage Guidance
This skill appears to do only what it claims: exchange and refresh Baidu Pan OAuth tokens. Before installing: (1) keep the .env file private (store it outside version control, set restrictive file permissions, e.g., chmod 600), (2) when invoking, point the script at a local .env you control — do not point it to system-wide config files, (3) review and run the included script locally (it uses HTTPS to openapi.baidu.com and writes tokens to the .env), (4) if you create a scheduled cron via OpenClaw, run it in an isolated session and ensure the job uses the correct env path, and (5) rotate credentials if the .env is ever exposed. Overall the skill is internally consistent and low-risk if you follow standard secret-handling practices.
Capability Analysis
Type: OpenClaw Skill Name: baidu-pan-per-auth-skill Version: 1.0.0 The skill bundle provides a legitimate implementation of the Baidu Netdisk (Baidu Pan) OAuth 2.0 authorization flow. The script `scripts/auth.py` facilitates exchanging authorization codes for tokens and refreshing expired tokens by communicating directly with the official Baidu API endpoint (openapi.baidu.com). The instructions in `SKILL.md` are consistent with the code's functionality, and there is no evidence of data exfiltration, obfuscation, or malicious intent.
Capability Tags
requires-oauth-tokenrequires-sensitive-credentials
Capability Assessment
Purpose & Capability
Name/description, SKILL.md, and the included script all implement the Baidu OAuth2 authorization-code and refresh flows. The only secrets used are AppKey/SecretKey (placed in a user-provided .env) and the tokens returned by Baidu — all expected for this purpose.
Instruction Scope
Runtime instructions are limited to opening the Baidu authorize URL in a browser, calling the included script with a .env path, and optionally verifying via pan.baidu.com. The script only reads/writes the provided .env and issues HTTPS requests to openapi.baidu.com; it does not access other system files, unrelated environment variables, or external endpoints.
Install Mechanism
No install spec; the skill is a small, local Python script using only standard library modules (urllib, json, datetime). No downloads, package installs, or archive extraction are performed.
Credentials
Metadata lists no required environment variables (correct for this bundle), but the workflow requires a local .env file containing AppKey and SecretKey which the script reads and then writes AccessToken/RefreshToken back to. Storing tokens and client secrets in plaintext .env files is expected here but worth protecting; the skill does not request unrelated credentials.
Persistence & Privilege
always is false and the skill does not modify other skills or global agent config. The SKILL.md suggests an optional cron job to run the script periodically — scheduling that job is a user action and not performed automatically by the skill.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install baidu-pan-per-auth-skill
  3. After installation, invoke the skill by name or use /baidu-pan-per-auth-skill
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: OAuth2 authorization code flow for Baidu Pan personal apps, with access_token exchange, refresh_token rotation, and scheduled refresh guidance.
Metadata
Slug baidu-pan-per-auth-skill
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Baidu Pan OAuth2 Auth?

百度网盘OAuth2.0授权码模式,获取/刷新access_token。触发词:百度网盘授权、baidu pan auth、access_token过期、refresh_token刷新、百度网盘token。适用场景:(1)首次授权获取token (2)token过期后刷新 (3)定时刷新token保活。 It is an AI Agent Skill for Claude Code / OpenClaw, with 81 downloads so far.

How do I install Baidu Pan OAuth2 Auth?

Run "/install baidu-pan-per-auth-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Baidu Pan OAuth2 Auth free?

Yes, Baidu Pan OAuth2 Auth is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Baidu Pan OAuth2 Auth support?

Baidu Pan OAuth2 Auth is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Baidu Pan OAuth2 Auth?

It is built and maintained by superStupidBear (@ugpoor); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments