ClawHub

baidu search

v1.0.0

Search the web using Baidu AI Search Engine (BDSE). Use for live information, documentation, or research topics.

0· 37·0 current·0 all-time
by@feng-aragron·duplicate of @bzmtxh/baidu-search-1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description, SKILL.md usage, and the included scripts consistently implement a Baidu AI web search that requires BAIDU_API_KEY and python3. The script calls the expected Baidu endpoint (qianfan.baidubce.com) and constructs search requests. Requiring BAIDU_API_KEY is proportionate to the stated purpose.
Instruction Scope
SKILL.md directs the agent/user to run the included Python script with a JSON argument. The script reads only the declared BAIDU_API_KEY environment variable and does not attempt to read unrelated system files. The references doc suggests adding the key to ~/.openclaw/openclaw.json (a user config file) — this is an operational suggestion, not hidden behavior in the runtime instructions.
Install Mechanism
There is no install spec (instruction-only plus a bundled script), which is low risk. However, the Python script uses the third-party 'requests' library but the skill does not declare that dependency or provide an install step; that can cause runtime failures or unexpected behavior if requests is absent or an incompatible version is installed.
Credentials
The skill requests a single credential (BAIDU_API_KEY) which matches its purpose. One caveat: the references doc recommends storing the key in ~/.openclaw/openclaw.json (plain JSON); users should be aware this stores the key on disk and may be less secure than platform secret storage.
Persistence & Privilege
always is false and the skill does not request elevated or system-wide privileges. It does not modify other skills' configs. The only config edit suggested is to add the API key to the agent's config, which is a user-administered action.
Assessment
This skill appears to do what it says: run a local Python script that calls Baidu's AI search API using BAIDU_API_KEY. Before installing, do the following: - Review the bundled scripts (scripts/search.py) yourself — it is short and readable and only posts to qianfan.baidubce.com. - Ensure the 'requests' Python package is installed in the runtime environment (pip install requests) or add an install step; otherwise the script will fail. - Store BAIDU_API_KEY securely. The references suggest adding it to ~/.openclaw/openclaw.json (plain JSON), which may leave the key on disk in cleartext; prefer an encrypted/secret store or OS environment variable if possible. - Confirm you trust the skill source (source/homepage are unknown) and the owner. There is a minor metadata mismatch in _meta.json ownerId vs. registry metadata — this is not necessarily malicious but worth checking if provenance matters. - Consider running the script in an isolated environment (container) the first time to validate behavior and network egress to Baidu's endpoint. If these points are acceptable, the skill is coherent and proportional to its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk973mhy41x69bzsp2z8tqbagvs842md6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍︎ Clawdis
Binspython3
EnvBAIDU_API_KEY
Primary envBAIDU_API_KEY

Comments