baidu_search

This skill appears to implement Baidu searching and HTML parsing as described, but consider the following before installing or running it in production: - SSL verification disabled: fetch_url uses requests.get(..., verify=False). That makes HTTPS requests accept invalid certificates and is a security risk (MITM, spoofed pages). Consider changing verify=True or making certificate validation configurable. - Arbitrary URL fetch / SSRF risk: the scripts will fetch any URL you (or search results) provide. If the host running the skill has network access to internal endpoints (localhost, 169.254.169.254, internal metadata services), an attacker or a crafted query could cause the agent to retrieve sensitive internal data. Run this skill in a restricted network environment, or implement URL whitelisting/validation. - Rate-limiting mismatch: SKILL.md recommends waiting >=15s between searches to avoid IP bans, but search_and_fetch.py sleeps 1s between fetches. If you care about being polite/avoiding bans, adjust the sleep interval in the script or add a configurable throttle. - Dependency safety: the skill depends on the third-party 'baidusearch' package. Verify that package and its version are trustworthy before installing, especially if installing globally. Prefer installing into an isolated virtualenv. - General sandboxing: because the skill can make outbound HTTP requests and return arbitrary webpage content, avoid running it in environments that grant access to sensitive internal networks or cloud metadata endpoints. If you accept these risks and run the skill in a controlled/sandboxed environment (or fix the verify=False and add URL whitelisting/rate-limiting), the skill is coherent with its declared purpose. If you need higher assurance, request information about the 'baidusearch' dependency and consider altering the code to enforce safe defaults (verify=True, strict URL checks, configurable delay).