← 返回 Skills 市场
Baidu Netdisk Skill
作者
Miaozai Studio
· GitHub ↗
· v1.0.10
· MIT-0
384
总下载
0
收藏
1
当前安装
11
版本数
在 OpenClaw 中安装
/install baidu-netdisk-skill
功能描述
Baidu Netdisk file management for OpenClaw - List, search, download, upload with OAuth 2.0 (百度网盘文件管理 - OAuth 一键授权)
使用说明 (SKILL.md)
百度网盘 Skill (Baidu Netdisk Skill)
AI Agent 的云端数据连接器 | Cloud Data Connector for AI Agents —— 无需本地存储即可访问百度网盘文件
安全状态:✅ 已自审 | 🔒 Token 加密存储 | 🌐 仅调用百度官方 API
简介
百度网盘 Skill 是一个专为 OpenClaw 设计的命令行工具,支持文件列表、搜索、下载、上传等核心功能。
核心优势:
- 🔐 OAuth 一键授权 - 1 分钟完成,无需申请百度 API(推荐)
- ☁️ 云端零存储 - 流式读取,不占用本地磁盘空间
- 🗂️ 深层文件夹遍历 - 支持 4 层 + 深度目录
- 🔒 Token 加密存储 - 本地安全
- 🔧 灵活认证 - 支持自带 API key(适合高用量用户)
安装
npx skills install github:niukesi/baidu-netdisk-skill
授权(首次使用)
方式一:OAuth 一键授权 ⭐ 推荐
适合大多数用户,无需申请百度 API:
npx baidu-netdisk-auth
按提示操作:
- 打开授权 URL
- 登录百度账号
- 授权应用
- 复制授权码粘贴回终端
方式二:自带 API key 🔧 高级
适合高用量用户或技术用户,使用自己的百度 API 配额:
npx baidu-netdisk-skill config -k \x3Capikey> -s \x3Csecret> -t \x3Ctoken>
获取 API key 步骤:
- 访问 百度开放平台
- 创建应用获取 API Key 和 Secret Key
- 按提示完成授权获取 Access Token
使用示例
查看用户信息
npx baidu-netdisk-skill whoami
列出文件
# 根目录
npx baidu-netdisk-skill list /
# 指定目录(支持深层文件夹)
npx baidu-netdisk-skill list "/教程/第一层/第二层"
搜索文件
npx baidu-netdisk-skill search "关键词"
获取下载链接
npx baidu-netdisk-skill download \x3Cfs_id>
上传文件
npx baidu-netdisk-skill upload ./本地文件.pdf /备份/
配置项
| 配置项 | 说明 | 必填 |
|---|---|---|
apiKey |
百度 API Key(自带 API key 模式使用) | 否 |
secretKey |
百度 Secret Key(自带 API key 模式使用) | 否 |
accessToken |
Access Token(OAuth 授权后自动保存) | 否 |
refreshToken |
Refresh Token(OAuth 授权后自动保存) | 否 |
encryptionKey |
自定义加密密钥(可选,增强安全性) | 否 |
安全说明
- ✅ Token 本地加密存储(AES-256)
- ✅ 仅调用百度官方 API
- ✅ 代码开源可审计
- ✅ 无数据收集
注意:删除操作不可恢复,请谨慎使用。
常见问题
Q: 授权后提示凭证无效?
A: 授权码有效期较短,请在 5 分钟内完成授权。如已过期,重新运行 npx baidu-netdisk-auth。
Q: 列出文件时提示权限不足? A: 请确认已正确完成 OAuth 授权,或检查 BDUSS/STOKEN 是否有效。
Q: 支持大文件上传吗? A: 支持,但大文件上传时间较长,建议在稳定网络环境下使用。
更多文档
Made with ❤️ by Miaozai Studio
安全使用建议
This skill appears to implement Baidu Netdisk operations, but there are several mismatches you should consider before installing:
- OAuth workflow: The documentation promises a one‑click OAuth via a provided enterprise app (no API application needed), but the code expects an API Key/Secret from config or environment. Expect you may need to supply your own Baidu API credentials for the auth flow to work.
- Token encryption: Tokens are stored encrypted, but if you do not set ENCRYPTION_KEY the code derives the key from a hardcoded string. To avoid predictable encryption, set ENCRYPTION_KEY to a strong secret in your environment before authorizing.
- Large files / streaming: The README claims streaming and zero local storage; the upload implementation reads the whole file into memory (fs.readFileSync), which can fail or OOM on large files. Treat the large‑file support claim as optimistic and test carefully.
- Metadata mismatches: The published metadata says instruction‑only but the package contains runnable code/bin entries; confirm the source repository (links point to GitHub niukesi) and audit the code yourself if you have sensitive data.
Recommended actions:
- Inspect src/auth.js and src/baidu-api.js in the repo (they are present) to verify endpoints and keys.
- Set ENCRYPTION_KEY env var to a strong secret before authorizing to avoid use of the built‑in key.
- Prefer using your own Baidu API Key/Secret (via config or BAIDU_API_KEY/BAIDU_SECRET_KEY) rather than relying on any undocumented shared client_id.
- Run the included test-local.sh in a controlled environment and monitor network traffic (mitmproxy) to confirm only pan.baidu.com/openapi.baidu.com are contacted.
- Avoid installing on highly privileged hosts until you verify behavior (especially for large uploads).
If you need higher assurance, ask the publisher for the exact enterprise client_id they claim to use, or audit/compile/install the package from the authoritative GitHub repo yourself.
功能分析
Type: OpenClaw Skill
Name: baidu-netdisk-skill
Version: 1.0.10
The Baidu Netdisk skill bundle is a legitimate tool for managing cloud files via official Baidu APIs. It implements standard OAuth 2.0 flows and includes a security-conscious feature that encrypts sensitive Access and Refresh tokens locally using AES-256 (via `crypto-js`) before storing them in the user's config directory. Analysis of `src/baidu-api.js` and `src/auth.js` confirms that network requests are strictly limited to official domains (`pan.baidu.com` and `openapi.baidu.com`), and no evidence of data exfiltration, obfuscation, or malicious command execution was found.
能力评估
Purpose & Capability
Name/description match the code (list/search/download/upload via Baidu APIs). However the README/SKILL.md repeatedly claim an "OAuth 一键授权 / 使用我们的企业应用,无需申请百度 API", yet the code does not embed a client_id/client_secret — auth.js expects apiKey/secretKey from config or environment. That makes the "no API application required" claim misleading. Other capability claims (AES key derived from user password, stream uploads that avoid local storage) are also contradicted by the implementation.
Instruction Scope
Runtime instructions are narrowly scoped to interacting with Baidu endpoints and local config. However the docs claim '流式读取、不占用本地磁盘' and '用户密钥由密码派生'; the actual code saves encrypted tokens to ~/.config/configstore/baidu-netdisk-skill.json (Conf) and uses a built-in static secret unless ENCRYPTION_KEY is provided. The upload implementation reads the entire file into memory (fs.readFileSync) which conflicts with the 'streaming' / 'zero local storage' claims and may be problematic for large files.
Install Mechanism
Registry metadata says "instruction-only (no install spec)" but the package contains code, package.json and bin entries. SKILL.md suggests installing via npx/github. There is no remote download from arbitrary hosts; dependencies are standard npm packages. Overall install risk is moderate and typical for an npm CLI package, but the metadata/code mismatch is worth noting.
Credentials
The skill does not request unrelated cloud credentials. It optionally reads BAIDU_API_KEY/BAIDU_SECRET_KEY and ENCRYPTION_KEY from env. However: (1) If ENCRYPTION_KEY is not set, the code derives an AES key from a hardcoded string ('baidu-netdisk-skill-secret-2026'), meaning encrypted tokens are protected with a predictable key (contradicts doc claims that key is derived from a user password). (2) SKILL.md/README suggest OAuth can be used without user API keys (implying a built-in enterprise client id), but the code requires apiKey/secretKey/config to build the authorize URL — a functional/credential mismatch.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It stores encrypted tokens in the user's config (~/.config/configstore/baidu-netdisk-skill.json) which is expected for this purpose. skill.json declares 'tools': ['exec'] though the code does not spawn arbitrary shell commands; this declaration may grant broader agent exec capability than strictly necessary.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install baidu-netdisk-skill - 安装完成后,直接呼叫该 Skill 的名称或使用
/baidu-netdisk-skill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.10
优化名称和描述为中英双语,提升搜索友好度
v1.0.9
安全优化:添加 security 字段、vetting.json、SECURITY_AUDIT.md,完善 Token 存储说明
v1.0.8
baidu-netdisk-skill 1.0.8
- Added package-lock.json for dependency management consistency.
- Added test-local.sh script for local testing and automation support.
v1.0.7
baidu-netdisk-skill v1.0.7
- Updated configuration options to adopt standardized field names (apiKey, secretKey, accessToken, refreshToken, encryptionKey).
- Improved documentation in SKILL.md to reflect new config fields and enhance clarity.
- General documentation and metadata updates for better usability.
v1.0.6
baidu-netdisk-skill v1.0.6
- Updated documentation in README.md (content or formatting changed).
- Minor revisions to authentication (src/auth.js) and API integration (src/baidu-api.js).
- No functional or breaking changes introduced.
v1.0.5
Version 1.0.5
- Documentation updated: refreshed TODO.md with latest plans or notes.
- No functional or code changes in this release.
v1.0.4
baidu-netdisk-skill v1.0.4
- Documentation updated in TODO.md.
- No changes to code or features.
v1.0.3
- Updated project attribution from "MoneyClaw (阿爪)" to "Miaozai Studio" in documentation.
- No functional or feature changes; documentation/content update only.
v1.0.2
- 增加对自带 API key 的高级配置说明,适合高用量用户
- 优化 OAuth 授权文档描述,突出一键授权推荐
- 更新简介和核心优势,增加认证灵活性说明
- 调整配置和使用说明结构,使文档更加清晰易用
v1.0.1
- 移除了示例与开发相关的发布材料与复盘文档。
- 不影响核心功能及使用方式。
v1.0.0
baidu-netdisk-skill 1.0.0
- Initial release of the Baidu Netdisk file management tool for OpenClaw.
- Supports file listing, search, download, and upload without requiring a Baidu API application.
- Implements one-minute OAuth authorization and local AES-256 encrypted token storage for safety.
- Enables streaming access to Baidu Netdisk files, avoiding local disk usage.
- Allows access to deep file directories (up to 4+ levels).
元数据
常见问题
Baidu Netdisk Skill 是什么?
Baidu Netdisk file management for OpenClaw - List, search, download, upload with OAuth 2.0 (百度网盘文件管理 - OAuth 一键授权). 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 384 次。
如何安装 Baidu Netdisk Skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install baidu-netdisk-skill」即可一键安装,无需额外配置。
Baidu Netdisk Skill 是免费的吗?
是的,Baidu Netdisk Skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Baidu Netdisk Skill 支持哪些平台?
Baidu Netdisk Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Baidu Netdisk Skill?
由 Miaozai Studio(@niukesi)开发并维护,当前版本 v1.0.10。
推荐 Skills