Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name and description (Baidu AI web search) match the code and runtime behavior: a small FastAPI service that calls Baidu's web_search endpoint. The single required environment variable (BAIDU_API_KEY) is appropriate. The only slightly unexpected item is the explicit requirement for a 'uv' CLI binary (and a Homebrew formula named 'uv') — this appears to be an environment helper used in the SKILL.md (uv venv / uv pip / uv run) rather than something intrinsic to a search proxy; it is unusual but not evidently malicious.
Instruction Scope
SKILL.md instructs creating a .env with BAIDU_API_KEY and running a local FastAPI server; the code only reads BAIDU_API_KEY and an optional OPENAPI_SERVER_URL. The service accepts search requests and forwards them to Baidu's API. There are no instructions to read unrelated files, other credentials, or to send data to third-party endpoints beyond Baidu's documented API.
Install Mechanism
Install uses a Homebrew formula 'uv' to provide the 'uv' binary. Homebrew is a common installer, but the 'uv' formula is not a universally-known system binary; review the Homebrew package 'uv' before installing to ensure it matches expectations. The Python dependencies are declared in pyproject.toml and installed via pip (invoked through the 'uv' helper), which is proportional for a small FastAPI service.
Credentials
Only BAIDU_API_KEY is required and declared as the primary credential, which is appropriate for a proxy that authenticates to Baidu's API. No other SECRET/TOKEN/PASSWORD env vars or config paths are requested. The code uses BAIDU_API_KEY and an optional OPENAPI_SERVER_URL environment variable (the latter is harmless and documented).
Persistence & Privilege
The skill does not request 'always: true', does not modify other skills or system configs, and runs as a standalone local HTTP service. It does not ask for elevated or persistent system privileges.
Assessment
This package appears to be what it says: a small FastAPI proxy that sends queries to Baidu's AI search API and returns results. Before installing, verify the Homebrew 'uv' formula (so you know what binary will be installed), protect the BAIDU_API_KEY (the key will be sent to Baidu's API), and run the service locally (the default binds to 127.0.0.1). Avoid sending sensitive secrets as search queries because request bodies may be logged by the service's validation handler. If you prefer not to install a new Homebrew formula, you can run the Python app directly with a normal venv + pip instead of the 'uv' helper.Like a lobster shell, security has layers — review code before you run it.
latestvk9705b51gcdf0ccx0bq7t1r9bd82dr20
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔍 Clawdis
Binsuv
EnvBAIDU_API_KEY
Primary envBAIDU_API_KEY
Install
Install uv via Homebrew
Bins: uv
brew install uv