Skill v1.0.3

ClawScan security

baidu-aistudio-llm-api · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 14, 2026, 1:38 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and instructions match its stated purpose (calling Baidu AI Studio APIs), but the package metadata omits the primary credential it expects (AI_STUDIO_API_KEY), an incoherence worth addressing before installing.
Guidance
This skill appears to do what it claims (help call Baidu AI Studio), but the package metadata failed to declare the required API token (AI_STUDIO_API_KEY). Before installing or using it: 1) confirm you are comfortable providing your Baidu AI Studio Access Token to the example code; 2) prefer setting the token in a secure secrets store or environment variable (not checked into code); 3) be aware that the instructions ask you to pip install the 'openai' package (third‑party code from PyPI); and 4) ask the publisher to update the registry metadata to list AI_STUDIO_API_KEY as a required credential so the skill's manifest matches its runtime behavior. If the publisher cannot justify the missing metadata, treat the omission as a higher-risk signal.

Review Dimensions

Purpose & Capability
ok: Name, description, SKILL.md, example scripts, and reference docs all consistently describe a Baidu AI Studio (星河) LLM API helper. The code files (test_connection.py, list_models.py) and examples use the OpenAI-compatible OpenAI client pointed at aistudio.baidu.com, which aligns with the declared purpose.
Instruction Scope
ok: Runtime instructions and example scripts are narrowly scoped to: check/set AI_STUDIO_API_KEY, pip install openai, instantiate an OpenAI client with aistudio base_url, and call model endpoints. They do not instruct reading unrelated files, other env vars, or exfiltrating data to unknown endpoints.
Install Mechanism
note: There is no formal install spec (instruction-only). SKILL.md instructs users to run 'pip install openai' which will install a third-party package from PyPI. That is typical for this kind of skill but means the installer will pull external code; the skill itself does not include any obscure downloads or installers.
Credentials
concern: The documentation and scripts clearly require the environment variable AI_STUDIO_API_KEY, but the registry metadata lists 'Required env vars: none' and 'Primary credential: none'. This metadata omission is an inconsistency: the skill does request a sensitive credential (an API token) for its stated purpose, and that should be declared explicitly. No other unrelated credentials are requested.
Persistence & Privilege
ok: The skill does not request persistent system privileges, does not set 'always: true', and contains no installation steps that modify other skills or system-wide agent settings. Autonomous invocation is allowed (platform default) but not combined with other red flags.