Back to skill
Skillv1.0.2
VirusTotal security
Baidu Finance Search · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 7:11 AM
- Hash
- 0d75945edea1f7979aa06d02e906fbd9eb2d4ba567375aee495feb4a310f7741
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: baidu-finance-search Version: 1.0.2 The skill implements a finance search tool using the Baidu Qianfan API. A significant security vulnerability is present in `scripts/search.py`, where SSL certificate verification is explicitly disabled (`ssl.CERT_NONE`), exposing the `BAIDU_API_KEY` and search queries to potential interception via man-in-the-middle attacks. While the code logic aligns with the stated purpose and no intentional data exfiltration was found, this high-risk implementation detail warrants a suspicious classification.
- External report
- View on VirusTotal