baidu qianfan agent chat
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: baidu-qianfan-agent-chat Version: 1.0.0 The skill bundle is a legitimate implementation for interacting with the Baidu Qianfan AI platform. The core logic in `scripts/chat.py` facilitates API calls to the official Baidu endpoint (qianfan.baidubce.com), handles session persistence through a local JSON state file, and supports standard features like streaming and function calling. No evidence of data exfiltration, malicious execution, or prompt injection was found; the requirement for the `QIANFAN_API_KEY` environment variable is consistent with the stated purpose of the skill.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Requests may consume Qianfan account quota and use the configured Qianfan application context.
The script uses a Qianfan API key as a bearer credential and, unless overridden, sends requests for a specific default app_id. This is expected for the integration, but it is account-authorizing behavior.
DEFAULT_APP_ID = "e52a2419-4327-48e8-b9dc-9bf037199fc2" ... api_key = os.environ.get("QIANFAN_API_KEY") ... "Authorization": f"Bearer {api_key}"Use a scoped or revocable Qianfan API key, keep it out of logs and shared shells, and pass your intended --app-id if the default app is not yours.
If the selected Qianfan app has tools or workflows, these parameters may cause the remote app to take different actions than a plain chat request.
The CLI can pass tool-choice, tool output, action, and related JSON parameters through to the Qianfan API. This is aligned with the advertised Function Call/API-wrapper purpose, but it can influence remote app behavior.
parser.add_argument("--tool-choice", help="强制执行的工具选择,JSON字符串") ... parser.add_argument("--action", help="动作配置,JSON字符串,用于回复信息收集节点")Only provide tool/action/custom metadata values you trust, and review the Qianfan app’s configured tools and permissions before using forced tool choices.
Later Qianfan calls may continue the previous conversation context unless a new session is requested.
The script persists the returned conversation_id and automatically reuses it on later calls, creating cross-invocation conversational continuity.
SESSION_STATE_FILE = Path(__file__).parent.parent / "state" / "session.json" ... save_session_state({"conversation_id": result["conversation_id"]})Use --new-session or delete state/session.json when switching topics, users, or sensitivity levels.