Official Baidu Search
Security checks across malware telemetry and agentic risk
Overview
This skill is a straightforward Baidu search connector that uses the user’s Baidu API key to send search queries to Baidu, with no evidence of hidden or malicious behavior.
Use a dedicated Baidu API key with reasonable quota limits, keep the .env file private, avoid putting sensitive personal or secret information into search queries, and run the service on 127.0.0.1 unless you intentionally secure it for network access.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.