baidu qianfan agent chat
PassAudited by ClawScan on May 1, 2026.
Overview
This skill is a coherent Baidu Qianfan chat API wrapper, but users should notice that it uses a Qianfan API key, sends conversation data to Baidu, supports remote tool/action parameters, and saves a conversation ID locally.
Before installing, confirm you are comfortable sending prompts, file IDs, tool metadata, and conversation context to Baidu Qianfan. Set QIANFAN_API_KEY only in trusted environments, verify the app_id you want to use, and start a new session when you do not want previous conversation context reused.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Requests may consume Qianfan account quota and use the configured Qianfan application context.
The script uses a Qianfan API key as a bearer credential and, unless overridden, sends requests for a specific default app_id. This is expected for the integration, but it is account-authorizing behavior.
DEFAULT_APP_ID = "e52a2419-4327-48e8-b9dc-9bf037199fc2" ... api_key = os.environ.get("QIANFAN_API_KEY") ... "Authorization": f"Bearer {api_key}"Use a scoped or revocable Qianfan API key, keep it out of logs and shared shells, and pass your intended --app-id if the default app is not yours.
If the selected Qianfan app has tools or workflows, these parameters may cause the remote app to take different actions than a plain chat request.
The CLI can pass tool-choice, tool output, action, and related JSON parameters through to the Qianfan API. This is aligned with the advertised Function Call/API-wrapper purpose, but it can influence remote app behavior.
parser.add_argument("--tool-choice", help="强制执行的工具选择,JSON字符串") ... parser.add_argument("--action", help="动作配置,JSON字符串,用于回复信息收集节点")Only provide tool/action/custom metadata values you trust, and review the Qianfan app’s configured tools and permissions before using forced tool choices.
Later Qianfan calls may continue the previous conversation context unless a new session is requested.
The script persists the returned conversation_id and automatically reuses it on later calls, creating cross-invocation conversational continuity.
SESSION_STATE_FILE = Path(__file__).parent.parent / "state" / "session.json" ... save_session_state({"conversation_id": result["conversation_id"]})Use --new-session or delete state/session.json when switching topics, users, or sensitivity levels.