Baidu Hot

PassAudited by ClawScan on May 1, 2026.

Overview

The skill only fetches and displays a public Baidu hot-search list, with minor setup/provenance metadata inconsistencies but no evidence of hidden data access or harmful behavior.

This appears safe for its stated purpose: it contacts Baidu's public hot-search API and prints trending terms. Before installing, note that provenance is weak and the docs/metadata are incomplete, so verify the source if needed and make sure curl is installed.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Low

#ASI04: Agentic Supply Chain Vulnerabilities

What this means

Users may need to manually verify where the skill came from and ensure curl is available before use.

Why it was flagged

The skill references a placeholder-looking homepage and declares a curl dependency in artifact metadata while the supplied registry requirements list no required binaries. This is a setup/provenance clarity issue, not evidence of malicious behavior.

Skill content

homepage: https://github.com/yourusername/baidu-hot
metadata: {"clawdbot":{"emoji":"🔥","requires":{"bins":["curl"]}}

Recommendation

Confirm the source if provenance matters, and expect the skill to require curl even though the registry requirement summary does not list it.