Bailian Web Search
Pass
Audited by ClawScan on May 1, 2026.
Overview
This skill appears to be a straightforward Bailian/DashScope web search wrapper that uses a required API key and sends user search queries to the expected provider.
This looks safe for its stated purpose. Before installing, make sure you trust the Bailian/DashScope service, use an appropriately scoped API key, and avoid submitting confidential information in search queries.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Searches may consume or depend on the user's DashScope account and API key permissions.
The script authenticates to the declared DashScope/Bailian service using the user's DASHSCOPE_API_KEY. This is expected for the integration, but it gives the skill access to use that API account.
MCP_URL="https://dashscope.aliyuncs.com/api/v1/mcps/WebSearch/mcp" ... -H "Authorization: Bearer $DASHSCOPE_API_KEY"
Use a dedicated DashScope API key with the minimum needed permissions and monitor usage or billing.
Sensitive information included in a search query could be sent to the external DashScope/Bailian service.
The script sends the user-provided search query and count to an external MCP-style provider endpoint. This is the core purpose of the skill, but the provider will receive the search terms.
"method": "tools/call" ... "name": "bailian_web_search" ... "query": $query, "count": $count
Avoid placing secrets, private personal data, or confidential business information in search queries unless the provider is approved for that data.
