百度热榜监控 | Baidu Hot Monitor
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: baidu-hot-monitor
Version: 1.0.0
The baidu-hot-monitor skill bundle is a legitimate tool designed to fetch, store, and visualize Baidu trending search data. It uses standard Python libraries (urllib, sqlite3) to interact with public Baidu APIs and manage a local database. The code is well-structured, lacks obfuscation, and its behavior aligns perfectly with the documentation in SKILL.md, with no evidence of data exfiltration or malicious intent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users have less ability to verify the original source or update history.
No upstream repository or homepage is provided, which limits provenance verification even though the included code is visible.
Source: unknown
Homepage: none
Install only if you are comfortable relying on the provided artifacts; prefer a verified upstream source if available.
When invoked, it contacts Baidu and may expose normal request metadata such as your IP address and user agent.
The skill performs a network request to Baidu to retrieve hot-search data, which is disclosed and central to the advertised function.
url = 'https://top.baidu.com/api/board?platform=wise&tab=realtime' ... urllib.request.urlopen(req, timeout=15)
Use it only when you are comfortable making requests to Baidu; no credentials are shown in the artifacts.
A local history of public Baidu hot topics remains on disk until removed.
The skill documents local persistence of fetched hot-topic data and generated reports.
data/
├── baidu.db      # SQLite 数据库 / Database
└── index.html    # HTML 报告(生成后)/ HTML report (generated)
Delete the local database or report files if you no longer want the history retained.
If upstream or database content were maliciously crafted, it could affect the local report page when opened in a browser.
Fetched titles are embedded into a JavaScript/HTML report and rendered via generated HTML; escaping would reduce risk from malformed or hostile upstream data.
const items = {json.dumps(items, ensure_ascii=False)}; ... <div class="item-title">${{item.title}}</div>
Escape or sanitize report fields, or render them as text rather than raw HTML, especially before sharing reports.
