Skill v1.5.0

ClawScan security

Auto Search using Google Baidu · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Mar 20, 2026, 5:59 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code and instructions largely match a dual Google/Baidu search purpose, but there are inconsistencies (registry metadata omits the API keys the skill actually needs) and a prompt-injection signal (unicode control characters) in SKILL.md that merit caution before installing.
Guidance
This skill's code matches its description (auto-select Google/Baidu) and uses only standard Python libraries and network calls to the search APIs, which is normal. Before installing:
1) Verify the package source (no homepage provided and owner is anonymous).
2) Inspect SKILL.md/README for hidden characters (the pre-scan detected unicode control chars) and remove any unexpected control characters.
3) Confirm you are comfortable providing GOOGLE_API_KEY + GOOGLE_CX and/or BAIDU_API_KEY; treat those as sensitive and store them in a secure place.
4) Run the code in an isolated environment (sandbox/container) first and review network calls (e.g., via proxy) to ensure endpoints are only Google/Baidu.
5) Ask the publisher to correct the registry metadata to list the required env vars; the omission reduces transparency.
If any of the above checks fail (unknown remote endpoints, extra network destinations, hidden control characters, or inability to verify the publisher), do not install in a production environment.
Findings
[unicode-control-chars] unexpected: SKILL.md was flagged for unicode control characters that can be used in prompt-injection techniques or to hide content. This is unexpected for a simple search skill's README/instructions. Inspect SKILL.md and README.md for hidden characters or unusual sequences before trusting the skill.

Review Dimensions

Purpose & Capability
note: The skill claims to auto-select Google or Baidu, and the included Python code implements that behavior and calls the expected APIs. However, the registry metadata declares no required environment variables while the SKILL.md and src/search.py clearly expect GOOGLE_API_KEY + GOOGLE_CX and/or BAIDU_API_KEY. That metadata mismatch is an incoherence that should be resolved before trusting the package.
Instruction Scope
ok: SKILL.md instructs installing dependencies, copying a .env and supplying API keys, and running the provided Python CLI/API. The instructions and code only access the local .env and environment variables, and make network requests to search endpoints (Google and Baidu). There are no instructions to read unrelated system files or exfiltrate arbitrary data. However, SKILL.md contained a detected 'unicode-control-chars' injection signal (see scan findings), which could be an attempt to influence LLM behavior or could be an artifact; inspect the file for hidden characters.
Install Mechanism
ok: There is no binary-download install spec; it is an instruction-only skill with a Python file and a simple requirements.txt (requests, python-dotenv). Installing with pip from the included requirements is standard and low-risk compared to remote downloads or arbitrary extracted archives.
Credentials
note: Requesting GOOGLE_API_KEY, GOOGLE_CX and BAIDU_API_KEY is proportionate to the stated functionality (calling those search APIs). The code requires at least one engine's credentials. The problem is that the registry metadata omitted declaring these required env vars; this mismatch reduces transparency and is a risk if users assume no secrets are needed.
Persistence & Privilege
ok: The skill does not request elevated or persistent platform privileges (the "always" flag is false). It does not modify other skills or global configs. It will read a local .env file if present; consider that a local secret surface, but not a platform privilege escalation.