Baidu Search (Free)

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Baidu search helper with ordinary network and dependency risks, not hidden or destructive behavior.

Install only if you are comfortable sending search terms to Baidu. Avoid private or sensitive queries, use a virtual environment, prefer pinned current dependency versions, and only use a proxy or VPN provider you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 94%
Finding: The skill clearly performs web searches against Baidu, which requires outbound network access, but the manifest does not declare any corresponding permission. Undeclared network capability weakens the trust boundary for users and platforms because the skill can make external requests without transparent disclosure, increasing the risk of unexpected data exposure, scraping abuse, or policy bypass.

Unpinned Dependencies

Low
Category: Supply Chain
Content:
requests>=2.28.0
beautifulsoup4>=4.11.0
Confidence: 93%
Finding: requests>=2.28.0

Unpinned Dependencies

Low
Category: Supply Chain
Content:
requests>=2.28.0
beautifulsoup4>=4.11.0
Confidence: 93%
Finding: beautifulsoup4>=4.11.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category: Supply Chain
Confidence: 91%
Finding: requests

VirusTotal

66/66 vendors flagged this skill as clean.
