Back to skill

Security audit

Baidu Search 1.1.3

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Baidu web-search skill that uses a Baidu API key and sends user queries to Baidu as expected.

Install only if you are comfortable sending search queries to Baidu and using your Baidu API quota. Use a dedicated API key if possible, keep it out of source control and shared logs, restrict access to the OpenClaw config file, and rotate the key if it may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill clearly requires an API key and performs web search against Baidu, so it has environment-variable and network capabilities despite not declaring explicit permissions. This weakens transparency and policy enforcement because users and hosting systems may not realize the skill can exfiltrate prompts or secrets to an external service.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation says the skill searches via Baidu AI Search API but does not give a clear user-facing warning that submitted queries are sent to Baidu's external service. Users may include sensitive prompts, internal data, or regulated information without informed consent, creating avoidable privacy and compliance risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guide explicitly instructs users to place a live Baidu API key in a plaintext JSON config file under the home directory, but gives no warning about secret handling, file permissions, or safer alternatives. This increases the chance of credential exposure through local compromise, backups, logs, screenshots, or accidental sharing of the config file.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.