dasfgg
PassAudited by ClawScan on May 1, 2026.
Overview
This is a straightforward Baidu web-search helper that uses a Baidu API key and sends search queries to Baidu, with no evidence of hidden persistence, destructive actions, or unrelated data access.
This skill appears coherent and purpose-aligned. Before installing, make sure you are comfortable using a Baidu API key for searches and avoid entering sensitive or secret information as search terms.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Searches may be billed, rate-limited, or attributed to the Baidu account associated with the API key.
The skill uses a user-provided Baidu API key as a bearer credential to authenticate search requests. This is expected for the stated Baidu search purpose.
api_key = os.getenv("BAIDU_API_KEY") ... "Authorization": "Bearer %s" % api_keyUse a scoped or dedicated BAIDU_API_KEY if available, and install only if you intend the agent to search through Baidu.
Any sensitive text included in a search query may be shared with Baidu.
The user's query is placed into a request body sent to Baidu's external API. This is purpose-aligned for web search, but it is still an external data flow.
url = "https://qianfan.baidubce.com/v2/ai_search/web_search" ... "content": parse_data["query"]
Avoid putting secrets, private documents, or confidential personal information into search queries unless you are comfortable sending them to Baidu.
The skill may fail if requests is unavailable, or may rely on whatever requests package is installed in the local Python environment.
The script depends on the Python requests package, while no install specification is provided. There is no hidden installer or remote script, but the runtime dependency should come from a trusted environment.
import requests
Run it in a trusted Python environment with known-good dependencies.