ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

qianfan clawhub

v1.0.1

Search and install Baidu Qianfan ecosystem skills with fuzzy matching across slug, name, and description fields

0· 153·0 current·0 all-time
bybaidu_qianfan@baiduqianfangroup
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description and required BAIDU_API_KEY align with interacting with Baidu's Qianfan/AppBuilder APIs (the code calls appbuilder.baidu.com endpoints for search/download). Required binary (python3) is reasonable. One mismatch: the SKILL.md and description state a default workspace of ~/.qianfan/workspace, but the code attempts to query http://localhost:4096/path to obtain a directory — this is not documented in the description and expands the skill's capabilities.
!
Instruction Scope
SKILL.md instructs only search/install and mentions --workdir, but the runtime code will attempt an unauthenticated HTTP GET to http://localhost:4096/path (timeout 5s) and use the returned JSON 'directory' as the skills workspace. That local-network behavior is not described in SKILL.md and can influence where downloaded zip contents are extracted (potentially outside the expected ~/.qianfan path).
Install Mechanism
No install spec (instruction-only skill) and included Python script only; nothing in the manifest downloads arbitrary installers during installation. Risk from installation is low — runtime operations (network download of skill zip and extraction) are the main concern.
Credentials
Only BAIDU_API_KEY is required and used to authenticate requests to the declared Baidu endpoints, which is proportionate. However, because the script may consult a local HTTP endpoint to choose a directory, a local service could cause files to be written into attacker-controlled or sensitive paths — this elevates the impact of giving the skill write access via the API and filesystem.
!
Persistence & Privilege
Skill does not request always:true and does not change other skills' configs, but it writes downloaded zip contents into a filesystem path which can be chosen by a local HTTP response (see localhost:4096 call). That behavior can lead to extraction into arbitrary locations if a local service controls the returned 'directory', increasing the privilege impact of the skill when run on a host with such a service present.
What to consider before installing
This tool largely does what it says — it searches Baidu's appbuilder and downloads skill zip files using your BAIDU_API_KEY. However, the included script will attempt an undocumented HTTP GET to http://localhost:4096/path and use its 'directory' field as the workspace when no workdir is provided; a malicious or compromised local service could point that to sensitive locations and cause files to be written there. Before installing or running: (1) read the script and consider removing or modifying the localhost call, (2) prefer running with an explicit --workdir you control (avoid relying on the default), (3) use a restricted BAIDU_API_KEY with minimal permissions, (4) run the tool in a sandboxed environment if possible, and (5) ask the author/maintainer to document and justify the localhost lookup or remove it.

Like a lobster shell, security has layers — review code before you run it.

latestvk977tvc1j8rfdfm2avb6et25d1834xcq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍︎ Clawdis
Binspython3
EnvBAIDU_API_KEY
Primary envBAIDU_API_KEY

Comments