ClawHub

Baidu Search 1 1 0.Skip

v1.0.0

Search the web using Baidu AI Search Engine (BDSE). Use for live information, documentation, or research topics.

0· 68·0 current·0 all-time
by@lulu-owo·fork of @leileitian/baidu-search-1-1-0 (1.0.0)
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, and scripts/search.py all implement a Baidu AI search client that requires BAIDU_API_KEY and python3 — this is coherent. Minor packaging inconsistency: registry metadata ownerId (kn7am49...) differs from _meta.json ownerId (kn7aq3...), which suggests a copy/paste or packaging mismatch but does not change functionality.
Instruction Scope
SKILL.md instructs the agent to pass JSON via file/stdin/arg and the script only reads that input, the BAIDU_API_KEY env var, and posts the request to a Baidu qianfan endpoint. It does not attempt to read other system files or unrelated environment variables.
Install Mechanism
No install spec (instruction-only) — lowest risk. The shipped script imports the Python 'requests' library, but SKILL.md and metadata do not declare 'requests' as a dependency; execution will fail unless 'requests' is available in the environment. No downloads or arbitrary remote installers are present.
Credentials
Only BAIDU_API_KEY is required and is the primary credential; this is proportional to a search API client. The script uses that key only to authenticate to Baidu's endpoint and does not enumerate other secrets.
Persistence & Privilege
Skill does not request persistent/global presence (always:false) and does not modify other skills or system configs. Autonomous invocation is allowed by default but is normal for skills and not combined with any broad/unrelated privileges here.
Assessment
This skill appears to do what it says: it sends the provided query and filters to Baidu's qianfan AI search endpoint using the BAIDU_API_KEY. Before installing, verify the following: (1) BAIDU_API_KEY will be sent to Baidu—do not use an API key that has broader permissions or access to sensitive resources you want to protect; (2) ensure the execution environment has the Python 'requests' package installed (SKILL.md does not list this dependency); (3) note the small metadata inconsistency (ownerId mismatch) which suggests packaging sloppiness—this is not necessarily malicious but you may want to confirm the origin; (4) avoid passing secrets in the 'query' field since the query content is transmitted to the remote API. If you need stricter guarantees about data residency or auditing, review your organization's policy before enabling autonomous invocation.

Like a lobster shell, security has layers — review code before you run it.

latestvk973tvbzbhpvpwfb9krsd6erf184agpa

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍︎ Clawdis
Binspython3
EnvBAIDU_API_KEY
Primary envBAIDU_API_KEY

Comments