Baidu Search Provider

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The plugin's code mostly matches its stated Baidu search purpose, but the submitted artifacts include what appear to be real credentials, including an npm publish token, which is a serious review concern.

Treat this as a review-needed plugin until the publisher removes the .env file, rotates the exposed credentials, and republishes a clean artifact. The Baidu search functionality itself is coherent, but users should also understand that the agent can automatically send search queries to Baidu when the tool or hook is enabled.

Static analysis

Env credential access

Critical
Finding
Environment variable access combined with network send: the code reads values out of process.env and the same artifact performs outbound requests, so confirm that environment values reach only the intended Baidu endpoint and are never logged or forwarded elsewhere.
Skill content
const value = process.env[key];

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.
Skill content
export BAIDU_API_KEY=[REDACTED]

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token. Note that the redacted left-hand operand of `??` is the first step of a fallback chain (explicit value first, then the environment variable mapped by ENV_VAR_MAPPING.apiKey); it may be a configuration option rather than a literal, so confirm against the unredacted source before treating it as a hardcoded secret.
Skill content
apiKey: [REDACTED] ?? readEnvString(ENV_VAR_MAPPING.apiKey),

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If these tokens are valid, they should be treated as compromised; the npm token could affect package publishing integrity, and the Baidu key could cause searches to run under an unintended account.

Why it was flagged

The artifact includes real-looking service credentials. A Baidu key is sensitive, and an npm publishing token is unrelated to a Baidu search plugin's runtime purpose.

Skill content
export BAIDU_API_KEY=bce-v3/...
export NPM_PUBLISH_TOKEN=npm_...
Recommendation

Revoke and rotate the exposed tokens, remove .env from all released/source artifacts, and declare only the necessary optional Baidu credential in plugin metadata.

What this means

Unexpected local files and stale packaged archives make provenance less clear and increase the chance that secrets or unintended code are distributed.

Why it was flagged

The scanned artifact manifest includes a local env file and an older generated tarball, while the registry/package version is 1.0.2 and the documentation says generated archives and .env should not be included.

Skill content
.env ... z-imagine-openclaw-baidu-search-1.0.0.tgz
Recommendation

Publish from a clean build artifact, exclude local env files and generated archives, and ensure the reviewed package contents match the documented release contents.
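The two recommendations above (revoke and remove the exposed credentials; ship only the documented release contents) can be enforced before every publish. The following is an added example, not the plugin's or ClawScan's own code: it audits a package manifest given as a map of path to contents (what a real run would build from the `npm pack --dry-run` file list plus the files read from disk), rejecting local env files and generated tarballs and flagging token-shaped literals that start with the prefixes this report shows (`npm_` for npm tokens, `bce-v3/` for Baidu keys). The sample manifest and token values are constructed placeholders.

```javascript
// Added example (not the plugin's own code): pre-publish audit of a package manifest.
// Input: { path: contents } where contents is a string, or null for binary files.

const DISALLOWED_PATH_RULES = [
  // Local env files must never ship (.env, .env.local, ...).
  { id: 'local-env-file', test: (p) => /(^|\/)\.env(\..+)?$/.test(p) },
  // Stale generated archives should not be inside a new release.
  { id: 'generated-tarball', test: (p) => /\.tgz$/.test(p) },
];

// Prefix-anchored patterns. The report only shows the prefixes, so the remainder is
// matched loosely; tighten these if you know the exact token format.
const SECRET_PATTERNS = [
  { id: 'npm-token', re: /\bnpm_[A-Za-z0-9]{20,}\b/g },
  { id: 'baidu-bce-key', re: /\bbce-v3\/[A-Za-z0-9_\-\/+=.]{8,}/g },
];

function auditPackageManifest(files) {
  const findings = [];
  for (const [path, content] of Object.entries(files)) {
    for (const rule of DISALLOWED_PATH_RULES) {
      if (rule.test(path)) findings.push({ kind: 'disallowed-path', rule: rule.id, path });
    }
    if (typeof content !== 'string') continue; // binary blobs are not text-scanned
    content.split('\n').forEach((line, i) => {
      for (const { id, re } of SECRET_PATTERNS) {
        re.lastIndex = 0;
        let m;
        while ((m = re.exec(line)) !== null) {
          // Keep only a short preview so the audit output itself does not leak the secret.
          findings.push({ kind: 'secret-literal', rule: id, path, line: i + 1, preview: m[0].slice(0, 8) + '...' });
        }
      }
    });
  }
  return findings;
}

function isCleanRelease(files) {
  return auditPackageManifest(files).length === 0;
}

// Constructed sample manifest mirroring the report: a local .env with two token-shaped
// values (made-up placeholders, not real credentials) and an older generated tarball.
const SAMPLE_MANIFEST = {
  'package.json': '{ "name": "example-baidu-search", "version": "1.0.2" }',
  'dist/index.js': 'const value = process.env[key];\n',
  '.env': 'export BAIDU_API_KEY=bce-v3/EXAMPLEKEY0000000000\n' +
          'export NPM_PUBLISH_TOKEN=npm_EXAMPLETOKEN0000000000000000\n',
  'example-baidu-search-1.0.0.tgz': null,
};

function runSampleAudit() {
  return auditPackageManifest(SAMPLE_MANIFEST);
}
```

Wire `isCleanRelease` into a `prepublishOnly` script and fail the publish when it returns false; the `.env` and `.tgz` path rules belong in `.npmignore` (or an explicit `files` list in package.json) as well, so the audit is a backstop rather than the only control.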

What this means

The agent may automatically prefer Baidu search for Chinese or China-related prompts when the hook is enabled.

Why it was flagged

The plugin intentionally injects prompt context to influence when the agent chooses baidu_search.

Skill content
An optional Hook: at the `before_prompt_build` stage, it injects a hint into the Agent about when `baidu_search` should be used.
Recommendation

Leave the hook enabled only if you want automatic Baidu-search steering; disable hookEnabled if you prefer explicit tool use.

What this means

Search queries are sent to Baidu, either through the Baidu API or through the crawler provider, whenever the agent invokes the tool.

Why it was flagged

The plugin registers an agent-callable tool that sends user-provided search queries to the configured Baidu API or crawler provider.

Skill content
api.registerTool(tool); ... searchEngine.searchSafe(query, { count }, signal)
Recommendation

Avoid sending sensitive/private queries through this tool unless you are comfortable with Baidu receiving them, and review mode/proxy/API-key configuration.