baidu baike search

Pass

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a straightforward Baidu Baike lookup skill, with expected API-key and external-query behavior plus minor provenance/dependency details to verify.

This skill looks coherent and purpose-aligned. Before installing, confirm you trust the publisher, provide only a scoped Baidu API key, ensure the Python requests dependency is available, and avoid sending sensitive or confidential search terms to the external Baidu API.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill lets it make Baidu API requests under the provided API key, which may have quota, billing, or account implications depending on the key's scope.

Why it was flagged

The skill reads a Baidu API key from the environment and uses it as a bearer token for Baidu API requests. This is expected for the stated service, but it is still delegated account/API authority.

Skill content

api_key = os.getenv("BAIDU_API_KEY") ... "Authorization": f"Bearer {api_key}"

Recommendation

Use a dedicated, revocable, least-privilege Baidu API key and monitor usage or quotas.

What this means

Search terms may be visible to Baidu/AppBuilder along with use of the API key.

Why it was flagged

The script sends the user-provided search key as request parameters to Baidu's external API endpoint. This is aligned with the lookup purpose, but it means query terms leave the local agent environment.

Skill content

BASE_URL = "https://appbuilder.baidu.com/v2/baike" ... requests.get(url, params=params, headers=self.headers, timeout=30)

Recommendation

Avoid using the skill for confidential names, secrets, or sensitive internal terms unless that external sharing is acceptable.

What this means

The skill may require an already-installed Python requests package, and the package metadata is not perfectly consistent.

Why it was flagged

The supplied registry metadata lists an unknown source and version 1.1.0, while the included _meta.json lists version 1.0.2 and the script imports requests without an install spec. This is a minor provenance/dependency clarity issue.

Skill content

Source: unknown; Version: 1.1.0

Recommendation

Verify the publisher/source and dependency environment before installation, especially if using it in a controlled or production agent setup.