Baidu Wenku AI picture book of video
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears purpose-aligned for generating Baidu picture-book videos, but it requires a Baidu API key and sends user story content to Baidu or a configured proxy.
This looks safe for its stated purpose if you expect to use Baidu’s AI picture-book API. Before installing, be aware that it needs your Baidu API key and that the text you submit for generation will be sent to the provider; avoid using sensitive private content.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing and using the skill gives it access to make Baidu API requests under the provided key.
The script uses the provided Baidu API key as a bearer credential to create picture-book tasks. This is expected for the Baidu integration and there is no evidence of hardcoded keys or credential logging.
"Authorization": f"Bearer {api_key}"Use a dedicated or least-privileged Baidu API key if possible, and avoid passing the key on the command line when an environment variable can be used.
Any story text, descriptions, or task IDs used with the skill may be sent to Baidu/Qianfan or, in the configured sandbox path, through the scheduler proxy.
User-provided story or description text is packaged into the API request for the Baidu picture-book generation endpoint. This is necessary for the service, but it means submitted content leaves the local environment.
"input_content": content
Do not submit confidential, regulated, or private content unless you are comfortable sharing it with the external provider and any configured platform proxy.
The package identity is slightly harder to verify against an upstream source.
The included _meta.json version differs from the supplied registry version 1.1.2, and the skill listing has no source or homepage. This is a minor provenance/packaging inconsistency, not evidence of malicious behavior.
"version": "1.1.1"
Confirm the publisher and version in the registry before installing, especially if you rely on provenance controls.