ClawHub

baidu-search

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Baidu Qianfan search helper that uses your API key to send search terms to Baidu and return results.

Install this only if you are comfortable sending search terms and filters to Baidu Qianfan with your own API key. Use a dedicated key where possible, keep any .env file private, and avoid secrets, personal data, or confidential business queries unless your organization permits that provider flow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill documentation instructs users to send arbitrary search queries to Baidu Qianfan's external enterprise search API but does not clearly warn that user prompts, keywords, or potentially sensitive data will be transmitted to a third-party service. This creates a real privacy and data-governance risk because an agent may forward confidential, regulated, or internal information in search queries without the user's informed consent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation describes sending search queries to Baidu Qianfan's external enterprise search API but does not warn that user prompts and search terms will be transmitted to a third-party service. In a search skill, user queries may contain sensitive personal, proprietary, or regulated information, so the absence of a clear disclosure increases the risk of unintended data exposure and misuse.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal