Baidu Search 1.1.3
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a straightforward Baidu web-search tool; the main things to notice are that it uses your Baidu API key and its package metadata is mildly inconsistent.
This skill looks safe for its stated purpose if you are comfortable sending search queries to Baidu and using a Baidu API key. Verify the package identity because the registry and bundled metadata do not fully match, and use a controlled API key with appropriate quota or billing limits.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Searches run through the user’s Baidu API key and may consume quota or be associated with that Baidu account.
The script reads the Baidu API key from the environment and sends it as bearer authentication to the Baidu AI Search API. This is expected for the skill’s purpose, but it means the skill can use the configured Baidu account/API quota.
api_key = os.getenv("BAIDU_API_KEY") ... "Authorization": "Bearer %s" % api_key ... response = requests.post(url, json=requestBody, headers=headers)Use a dedicated or least-privileged Baidu API key if possible, monitor quota/billing, and avoid putting sensitive secrets into search queries.
The package identity may be slightly harder to verify, even though the visible code does not show suspicious behavior.
The bundled metadata differs from the evaluation registry metadata, which lists a different owner ID, slug, and version. This is a provenance/identity ambiguity, though the included code remains coherent with the stated Baidu search purpose.
"ownerId": "kn7akgt520t01vgs2tzx7yk6m180kt26", "slug": "baidu-search", "version": "1.1.3"
Confirm the publisher and version before installing, especially because the skill uses an API credential.