Qianfan KnowledgeBase Search
Pass
Audited by ClawScan on May 1, 2026.
Overview
This skill appears to do what it says: query Baidu Qianfan knowledge bases using a provided API key, with a few transparency notes about credentials, private data flow, and publisher metadata.
This appears safe for its stated purpose if you trust the publisher and intend the agent to search those Qianfan knowledge bases. Before installing, confirm the skill source, use a least-privilege Baidu API key if available, and limit QIANFAN_KNOWLEDGEBASE_IDS to knowledge bases you are comfortable exposing to the agent session.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone allowing this skill to run gives the agent a way to query Qianfan knowledge bases permitted by that API key.
The script reads the Baidu API key from the environment and uses it as a bearer credential for Qianfan API access.
api_key = os.getenv("BAIDU_API_KEY") ... "Authorization": "Bearer %s" % api_key
Use a scoped or limited API key if possible, configure only intended knowledgebase IDs, and rotate or revoke the key if the skill is no longer needed.
Search queries and retrieved private knowledge-base content flow through Baidu Qianfan and may be visible to the agent session.
The user query and selected knowledgebase IDs are sent to Baidu Qianfan's external API, and private search results are returned into the agent context.
url = "https://qianfan.baidubce.com/v2/knowledgebases/search" ... requests.post(url, json=request_body, headers=headers)
Use the skill only for queries appropriate to send to Qianfan and avoid retrieving highly sensitive knowledge-base content unless the agent session is trusted.
It is less clear who packaged or maintains the skill, which matters because it uses an API credential.
The bundled _meta.json ownerId differs from the registry metadata owner ID shown for the skill, and the source/homepage are not provided. This is a provenance transparency issue, not evidence of malicious behavior.
"ownerId": "kn7akgt520t01vgs2tzx7yk6m180kt26"
Verify the publisher or review the included code before installing, especially before providing a production Qianfan API key.
