远程磁盘挂载工具,支持 SMB/CIFS、FTP、SFTP、WebDAV 协议挂载远程共享到本地目录。当用户需要:(1) 挂载 Windows/Samba 共享,(2) 挂载 FTP/SFTP 服务器,(3) 挂载 WebDAV 存储,(4) 将远程存储映射为本地磁盘使用时触发此技能。
Security Analysis
high confidenceThe skill's instructions and requirements are coherent for a Debian/Ubuntu remote-mount helper — it needs sudo and apt packages to perform mounts and does not request unrelated secrets or external installs, but it legitimately requires privileged operations and handling of sensitive credentials which the user must manage carefully.
The name/description (mount SMB/FTP/SFTP/WebDAV) matches the instructions. Requiring sudo and apt packages for Debian/Ubuntu is expected. There are no unrelated environment variables, binaries, or external services requested.
The SKILL.md stays within the stated purpose: it collects protocol/server/user info, installs packages with sudo apt, creates mount points, and runs mount commands. It warns about passwords and asks for user confirmation before sudo. Points to note: it instructs creating a credential file at /root/.smbcredentials (sensitive and requires root), there are small inconsistencies in mount-point paths used (~/mount_<name>, ~/mount_name, /mnt/webdav), and some mounts use root-mounted mount.cifs vs user-space FUSE (behavior/permissions differ). These are expected for this task but are security-relevant and should be handled carefully.
This is an instruction-only skill with no install spec or code files; no downloads or package installs performed by the skill itself. The instructions ask the user/agent to run apt installs on-demand, which is appropriate and expected.
The skill requests no environment variables or external credentials in metadata. It does instruct creating local credential files (e.g., /root/.smbcredentials) which are necessary for some mount options but are sensitive — the SKILL.md warns to remove them after use.
The skill requires privileged operations (sudo, writing files under /root) to function, which is proportionate to mounting filesystems. It does not request persistent or always-on privileges (always:false) and does not modify other skills or system-wide agent settings.
Guidance
This skill appears to do what it says, but mounting remote storage requires root actions and careful handling of credentials. Before using: confirm you're on Debian/Ubuntu; prefer SSH keys for SFTP; avoid placing long-lived plaintext credential files under /root (delete immediately after use or store securely with strict permissions); prefer user-space FUSE mounts when possible to limit root exposure; verify the remote server is trusted (malicious servers can attack clients via filesystem content); double-check mount-point paths and uid/gid options; and do not paste plaintext passwords into the chat. If you need higher assurance, run these commands manually or in a sandboxed VM and inspect any credential files before deleting them.
Latest Release
v0.4.0
- Revamped documentation for improved clarity and step-by-step workflow. - Added "Workflow" section guiding user through info collection, environment check, dependency install, and mount point creation. - Condensed and clarified protocol-specific instructions for SMB, FTP, SFTP, and WebDAV. - Emphasized interactive password prompting and secure credential handling. - Updated security checklist and best practices.
More by @Leochens
Published by @Leochens on ClawHub
