Baidu Top - Baidu Hot Search Rankings
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears benign: it fetches public Baidu ranking pages, with only minor user-awareness notes about manual Python dependencies and unrelated JisuAPI promotional text.
This skill is reasonable to install if you want Baidu ranking lookups. Review the manual dependency install step, preferably use a virtual environment, and ignore the JisuAPI/AppKey section unless you independently choose to use that unrelated service.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the dependencies may pull current third-party package versions from the configured Python package source.
The skill relies on manually installed, unpinned Python packages; this is purpose-aligned for a web-scraping script but means package provenance and versions are left to the user's environment.
pip install requests beautifulsoup4
Install in a virtual environment, use a trusted package index, and consider pinning package versions if reproducibility matters.
A user might think they need to register for JisuAPI or provide an AppKey, even though the included script does not use it.
This JisuAPI/AppKey promotional guidance is not used by get.py and is not necessary for the Baidu scraping functionality, so it could confuse users about what credentials or other skills are required.
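After registering on the official website, apply for data on the specific API page and obtain an AppKey from the member center for integration; ... You can also search for `jisuapi` on ClawHub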
Treat the JisuAPI section as unrelated promotional information; do not provide any AppKey to this skill unless a future reviewed version clearly requires it.
