Back to skill

Security audit

test

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Baidu web-search skill, but users should treat search queries and the Baidu API key as sensitive.

Install only if you are comfortable sending search queries to Baidu. Do not search for secrets, private documents, credentials, or regulated personal data. Store the Baidu API key carefully, avoid committing OpenClaw config files, restrict local file access where possible, and rotate the key if it may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This skill sends user-provided search queries to Baidu's external search API and requires an API key, but the documentation does not clearly disclose that prompts, search terms, and possibly related metadata will leave the local environment and be processed by a third party. That creates a real privacy and data-handling risk, especially if users pass sensitive internal research terms, secrets, or regulated data under the assumption the skill is purely local.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document instructs users to place a live Baidu API key directly into a JSON configuration file in plaintext and does not warn about file permissions, secret exposure, backups, logs, or source-control leakage. This creates a real secret-handling weakness because users may persist credentials in an insecure location that can be read by other local users or accidentally committed or exfiltrated.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script prints the fully parsed request body, which includes the user's search query, to stdout before sending it to the remote service. In agent and automation environments, stdout is commonly captured in logs, telemetry, or chat transcripts, so sensitive queries may be disclosed to operators or downstream systems without the user's awareness.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The document explicitly instructs users to store a live Baidu API key in a user-readable plaintext JSON configuration file and provides no warning about credential sensitivity, file permissions, rotation, or safer secret storage options. While this is common in setup guides, it increases the risk of credential disclosure through local compromise, backups, screenshots, accidental commits, or overly permissive file permissions.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script logs the full parsed request body to stdout, which includes the user-supplied query and may also include other search parameters. Search queries can contain sensitive data, internal research topics, credentials pasted by mistake, or regulated information, and stdout is commonly captured by platform logs accessible beyond the immediate caller.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.