baidu-scholar-search
PassAudited by ClawScan on May 10, 2026.
Overview
This looks like a normal literature-search wrapper, but users should know it sends searches through the SkillBoss/HeyBoss API with a SkillBoss API key rather than directly to Baidu Scholar.
Before installing, confirm that you trust the SkillBoss/HeyBossAI API service, not just Baidu Scholar branding, and provide a SkillBoss API key only in an environment you control.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Search terms entered through the skill are sent to api.heybossai.com.
The skill sends the user's search keyword to an external API endpoint. This is expected for a search integration and is disclosed, but users should be aware of the destination.
curl -s -X POST ... -d "{\"type\": \"search\", \"inputs\": {\"query\": \"$WD\"}, \"prefer\": \"balanced\"}" ... "https://api.heybossai.com/v1/pilot"Use the skill only for queries you are comfortable sending to the SkillBoss/HeyBossAI service.
The skill can use your SkillBoss API key to make search requests to the provider.
The skill requires a SkillBoss API key and passes it as a bearer token to the stated API provider. This is purpose-aligned, but it is a credential dependency users should notice.
if [ -z "$SKILLBOSS_API_KEY" ]; then ... -H "Authorization: Bearer $SKILLBOSS_API_KEY"
Set the API key only in a trusted environment and prefer a scoped or revocable key if the provider supports it.