Baidu Search 1

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill appears to perform the advertised Baidu web search, but users should note that it uses a Baidu API key, sends search queries to Baidu, and has inconsistent package identity metadata.

This skill looks purpose-aligned and non-destructive. Before installing, confirm you trust the package despite the metadata mismatch, use a dedicated Baidu API key if possible, and avoid sending sensitive queries through the search provider.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill can use the configured Baidu API key, which may be tied to the user's Baidu Cloud account, service permissions, quotas, or billing.

Why it was flagged

The skill reads the user's Baidu API key from the environment and uses it as a bearer token for the search request. This is expected for the stated Baidu Search purpose, but it is still delegated account authority.

Skill content

api_key = os.getenv("BAIDU_API_KEY")
"Authorization": "Bearer %s" % api_key

Recommendation

Use a dedicated, revocable API key for this skill and avoid sharing OpenClaw configuration or logs that may contain the key.

What this means

Search terms provided to the skill are transmitted to Baidu's service.

Why it was flagged

The skill sends the request body, including the search query, to an external Baidu-hosted API endpoint. This is purpose-aligned for a live web search tool.

Skill content

url = "https://qianfan.baidubce.com/v2/ai_search/web_search"
response = requests.post(url, json=requestBody, headers=headers)

Recommendation

Do not use this skill for highly confidential searches unless sending those queries to Baidu is acceptable.

What this means

It may be harder to confirm that the package identity and publisher match the registry entry the user intended to install.

Why it was flagged

The included package metadata differs from the supplied registry metadata for baidu-search-1 version 1.0.0 and carries a different owner ID. This creates package-identity and provenance ambiguity, although the included code is coherent with the stated search purpose.

Skill content

"ownerId": "kn7akgt520t01vgs2tzx7yk6m180kt26",
"slug": "baidu-search",
"version": "1.1.3"

Recommendation

Verify the registry listing and package source before installing, especially before configuring a real Baidu API key.