Baidu Content Censor
v1.0.0提供文本和图像内容安全检测,自动识别类型并返回详细审核结果,支持本地图片路径和图片 URL 输入。
⭐ 0· 109·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (Baidu content censor) match the actual behavior: the code calls Baidu OAuth and the Baidu text/image censor endpoints and requires Baidu AK/SK environment variables. No unrelated services or credentials are requested.
Instruction Scope
SKILL.md and the code instruct the agent to read environment variables for AK/SK, obtain an access token, and POST text or image data to Baidu endpoints. The skill will read local files when given a local image path and convert them to Base64 for upload — this is expected for image auditing but is a privacy consideration (local files are uploaded to Baidu). The code also adds an isFromSkill=true param to all requests for tracking. Instructions are otherwise narrowly scoped to the censorship task.
Install Mechanism
No install specification is provided (instruction-only install), but code files are included. The Python client imports the third-party 'requests' package yet the registry metadata does not declare dependencies; the runtime environment must have Python and requests available. No external download URLs or archive extraction are used.
Credentials
Only BCE_SINAN_AK and BCE_SINAN_SK are required, which is appropriate for obtaining Baidu access tokens. No other secrets, unrelated credentials, or broad system config paths are requested.
Persistence & Privilege
The skill caches the access token to a file under ~/.claude/skills/baidu-content-censor/token_cache.json and will create that directory if missing — this is reasonable for token caching but means the skill will write into the user's home directory. always is false and the skill does not modify other skills or global agent settings.
Assessment
This skill appears to do what it says: it calls Baidu's OAuth endpoint and the Baidu content-censor APIs and requires your Baidu AK/SK. Before installing: 1) only provide AK/SK you intend to use with Baidu; don't use broader or unrelated credentials; 2) be aware that any local file path you pass will be read and uploaded (Base64) to Baidu — avoid passing sensitive local files; 3) ensure your runtime has Python and the 'requests' library (the skill's metadata does not declare dependencies); 4) note the skill writes a token cache to ~/.claude/skills/... — if you prefer no on-disk caching, inspect/modify the code; 5) the package source/homepage is unknown — if you need stronger assurance, review the included code yourself or run it in a sandbox before granting credentials or using on sensitive data.Like a lobster shell, security has layers — review code before you run it.
latestvk9701f38pnf2g0m1bnjppma55d83efyj
License
MIT-0
Free to use, modify, and redistribute. No attribution required.