Turing Baidu Web Search

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill appears to do what it says—Baidu web search through Turing—but it uses stored Turing credentials, sends queries to an external proxy, and its registry metadata under-declares those requirements.

This skill is reasonable to install if you trust the Turing Baidu proxy and configure the correct API base. Use a limited Turing API key, avoid sensitive search queries, and treat returned web snippets as untrusted information rather than instructions.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Search-result text could contain misleading claims or instructions; it should not override the user's request or the agent's safety rules.

Why it was flagged

The skill returns snippets from external web search results into the agent context. That is expected for search, but the content is untrusted web data.

Skill content
`results[].content` | `str` | Content snippet
Recommendation

Treat returned snippets as data, verify important sources, and do not follow instructions embedded in search results.

What this means

Searches are performed under the user's Turing credentials, and those credentials are sent to the configured API endpoint.

Why it was flagged

The script authenticates requests using a stored Turing bearer token and account identifiers.

Skill content
"Authorization": f"Bearer {api_key}",
"client": client,
"environment": environment
Recommendation

Use a least-privileged Turing API key, store it only in the intended OpenClaw config location, and verify that TURING_API_BASE points to the intended Turing service.

What this means

A user may not see the required Turing credential setup from registry-level prompts alone.

Why it was flagged

The registry metadata does not advertise the credential/config requirements that are documented in SKILL.md and required by scripts.py, which affects install-time transparency.

Skill content
Required env vars: none
Env var declarations: none
Primary credential: none
Required config paths: none
Recommendation

Update the registry metadata to declare TURING_API_KEY, TURING_CLIENT, TURING_ENVIRONMENT, and the OpenClaw config path used by the script.

What this means

Search terms leave the local machine and may be visible to the search/proxy provider.

Why it was flagged

The script sends the user's search query to an external, configurable Turing proxy endpoint.

Skill content
url = f"{api_base}/api/v1/proxy/baidu/search"
response = requests.post(url, json=request_body, headers=headers, timeout=30)
Recommendation

Avoid putting secrets or highly sensitive personal data in search queries, and confirm the configured API base is trusted.