Baidu web search

Pass

Audited by ClawScan on May 10, 2026.

Overview

This is a straightforward Baidu web search skill that requires a Baidu API key; no malicious behavior was found, but users should understand the credential and proxy behavior.

This skill appears safe for its stated purpose. Before installing, configure a dedicated Baidu API key, review any Baidu Cloud costs or quotas, and be aware that in sandbox mode searches may be routed through a configured OpenClaw scheduler proxy.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Searches may use the user's Baidu Cloud account, quota, billing, or access permissions.

Why it was flagged

The skill requires a Baidu API key and instructs users to store it in OpenClaw configuration, which is expected for Baidu API access but gives the skill account-backed search authority.

Skill content

"BAIDU_API_KEY": "your_actual_api_key_here"

Recommendation

Use a dedicated, revocable Baidu API key with only the permissions needed for AI Search, and monitor Baidu Cloud usage.

What this means

In sandbox mode, search queries and a session identifier may be visible to the configured scheduler proxy.

Why it was flagged

When DUMATE sandbox environment variables are present, the skill routes the Baidu request through a scheduler proxy and includes a session ID header. This appears to be sandbox plumbing and does not send the Baidu API key, but it is a separate gateway path from the directly documented Baidu endpoint.

Skill content

proxy_url = f"{scheduler_url}/api/qianfanproxy{parsed.path}" ... "X-Dumate-Session-Id": session_id

Recommendation

Only run this skill in trusted OpenClaw/sandbox environments, and avoid putting highly sensitive information in search queries unless you trust the configured proxy path.