baidu_search

Security checks across malware telemetry and agentic risk

Overview

This Baidu search skill does what it advertises, but its webpage fetcher disables HTTPS certificate checks and its triggers are broader than its Baidu-specific purpose.

Install only if you are comfortable with a Baidu-focused web retrieval helper that makes outbound requests to Baidu and result websites. Review or patch the fetcher to keep HTTPS certificate verification enabled by default, and invoke it only for explicit Baidu or Chinese-web search tasks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium, 99% confidence
Finding
The code disables TLS certificate verification by passing verify=False to requests.get while presenting itself as a normal webpage fetcher. This makes HTTPS connections vulnerable to man-in-the-middle interception and content tampering, so the script may return attacker-controlled page content or leak fetched data to an active network attacker.

Vague Triggers

Medium, 87% confidence
Finding
The trigger list includes broad phrases like '抓取网页' and '解析网页' that are not specific to Baidu search and could cause this skill to activate for generic web-browsing or scraping requests. That increases the chance of unintended tool selection, unnecessary external requests, and retrieval from untrusted sites beyond the user's actual intent.

Natural-Language Policy Violations

Medium, 72% confidence
Finding
The skill description hard-codes a Chinese-web/Baidu-focused retrieval path without indicating any user choice for language, region, or search source. This can steer information access toward a specific locale by default, creating relevance, bias, and misrouting risks when the user's request is broader or not China-specific.

VirusTotal

64/64 vendors flagged this skill as clean.
