Skillv1.0.2

ClawScan security

Baidu Finance Search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 20, 2026, 2:22 PM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill mostly does what it claims (calls Baidu Qianfan web_summary) but has coherence and security issues: it uses a BAIDU_API_KEY that isn't declared in metadata, reads a parent .env file, and disables SSL certificate verification in the HTTP client.
Guidance: Before installing, be aware of three issues: (1) the skill needs a BAIDU_API_KEY even though the registry metadata doesn't declare it — verify the key's scope and origin and avoid reusing high-privilege keys; (2) the script looks for a .env two levels up, which can read project-level secrets unintentionally — check which .env it will load or place the API key only in the intended skills/.env; (3) the script disables SSL certificate verification when contacting Baidu, which makes the API key and responses vulnerable to network interception — ask the author to remove the SSL disablement (use default SSL verification) before using in any sensitive environment. If you still want to use it, inspect or run the script in an isolated environment, provide a limited-scope token if possible, and consider rotating the BAIDU_API_KEY after testing.

Review Dimensions

Purpose & Capability: concernThe code implements the advertised Baidu web_summary search and targets the same API endpoint described in SKILL.md, so functionality matches the purpose. However, the skill requires a BAIDU_API_KEY (documented in SKILL.md and used by scripts/search.py) but the registry metadata lists no required environment variables — this mismatch is an incoherence in declared requirements.
Instruction Scope: concernSKILL.md only instructs the agent to set BAIDU_API_KEY in skills/.env and run the script. The script, however, will also attempt to read a .env file two levels up from the script directory (potentially the repository/project root) to find BAIDU_API_KEY, which is broader than the single-file configuration described. The script sends the API key to the stated Baidu endpoint and does not exfiltrate other files, but it explicitly disables SSL verification (ctx.check_hostname = False; ctx.verify_mode = ssl.CERT_NONE), which undermines the security of communications and could expose the API key to network interception.
Install Mechanism: okThere is no install spec (instruction-only plus a small script). Nothing is downloaded or installed by the skill, and no third-party packages are pulled in automatically.
Credentials: concernThe only secret the code needs is BAIDU_API_KEY, which is proportionate to the stated purpose. However, the skill's registry metadata does not declare this required environment variable even though both SKILL.md and the script depend on it. Additionally, the script will search for BAIDU_API_KEY in a parent .env file (../../.env), which can expose or reuse a project-level secret unintentionally.
Persistence & Privilege: okThe skill does not request persistent or elevated privileges. always is false, and there is no install step that modifies other skills or system-wide configs.