Baidu Content Censor
Analysis
The skill matches its stated purpose of Baidu text/image moderation, but it sends submitted content to Baidu, uses Baidu credentials, and caches an access token locally.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
Source: unknown; Homepage: none
The registry does not provide a source repository or homepage. The included files are readable and coherent, and there is no install-time execution shown, but provenance is limited.
Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.
| BCE_SINAN_AK | 是 | 百度云 API Key | ... | BCE_SINAN_SK | 是 | 百度云 Secret Key | ... 缓存文件位置:`~/.claude/skills/baidu-content-censor/token_cache.json`
The skill requires Baidu cloud credentials and stores an access token cache. This is expected for the Baidu moderation API, but users should recognize the credential and token handling, especially because registry requirements declare no required env vars.
Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.
文本审核: `https://aip.baidubce.com/rest/2.0/solution/v1/text_censor/v2/user_defined` ... 图像审核: `https://aip.baidubce.com/rest/2.0/solution/v1/img_censor/v2/user_defined` ... 本地图片路径会自动转换为 Base64
The skill sends text, image URLs, or base64-encoded local image contents to Baidu's external moderation endpoints. This is central to the stated purpose and disclosed, but it is a third-party data flow.