Baidu Yijian Vision

Review

Audited by ClawScan on May 6, 2026.

Overview

This appears to be a coherent Baidu cloud vision integration, but it uses a Baidu API key, sends image/query data to Baidu services, and stores a small local cache.

Install only if you are comfortable using Baidu Yijian cloud processing for the images, video frames, and prompts you provide. Protect the YIJIAN_API_KEY, verify the publisher/source because registry provenance is limited, and validate results manually for safety-critical monitoring or industrial inspection decisions.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A single invocation may make multiple Baidu API calls and process the provided image or intent through different Baidu routes.

Why it was flagged

The documented intent workflow can automatically select a skill and fall back to multimodal inference after the user starts it.

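Skill content

The system will automatically: ... invoke the corresponding specialized vision skill ... automatically fall back to direct multimodal inference

Recommendation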

Use the direct invoke workflow or raise the confidence threshold when you need tighter control over which API path is used.

What this means

Anyone with access to the configured environment variable could use the associated Baidu Yijian account/API quota.

Why it was flagged

The skill requires and uses a Baidu Yijian API key as a bearer credential for service calls.

Skill content

const key = process.env.YIJIAN_API_KEY; ... 'Authorization': `Bearer ${apiKey}`

Recommendation

Use a scoped or trial API key where possible, keep it out of shared logs, and revoke/rotate it if the environment is exposed.

What this means

Images, video frames, and prompts may leave the local machine and be processed by Baidu services.

Why it was flagged

Local images used in multimodal fallback are converted for inclusion in a request to the external Baidu router.

Skill content

const resolvedUrl = isLocalFilePath(imageUrl) ? imageToDataUri(imageUrl) : imageUrl; ... httpsRequest(routerMultimodalUrl(), { method: 'POST'

Recommendation

Do not submit confidential images or surveillance footage unless Baidu’s terms, retention, and privacy handling are acceptable for your use case.

What this means

Workspace skill listings or related cached metadata may remain on disk temporarily, though the code hashes the API key for cache separation and supports TTL expiry.

Why it was flagged

The helper cache persists JSON data in a temporary local directory.

Skill content

const CACHE_DIR = path.join(os.tmpdir(), 'baidu-yijian-vision-cache'); ... fs.writeFileSync(filePath, JSON.stringify(data, null, 2), 'utf-8');

Recommendation

Clear the temp cache on shared machines and avoid treating cached skill descriptions as trusted instructions.

What this means

Users have less context for verifying the publisher before granting an API key and sending image data to the service.

Why it was flagged

The registry metadata does not provide an upstream source or homepage for independent provenance review.

Skill content

Source: unknown; Homepage: none

Recommendation

Verify the owner and Baidu endpoint expectations before installing, especially in production or safety-monitoring environments.