Security audit
百度千帆网页搜索 Provider for OpenClaw
Security checks across malware telemetry and agentic risk
Overview
Code, README, and runtime instructions are internally consistent for a Baidu (Qianfan) web-search provider and request only the expected API key; nothing in the package indicates unexplained credential or system access.
This plugin appears coherent for adding Baidu Qianfan web search to OpenClaw. Before installing, 1) only provide the Baidu API key (BAIDU_API_KEY / QIANFAN_API_KEY) if you trust the plugin source; the key authorizes requests to qianfan.baidubce.com. 2) Note the test files contain copy/paste inconsistencies (provider id/label mismatches) — a sign of sloppy tests, not necessarily malicious code; you may want to review the source (src/baidu-web-search-provider.js) yourself. 3) If you need stronger isolation, run the plugin in a restricted environment or verify network egress rules so the key only goes to the expected Qianfan endpoint. 4) If you require higher assurance, ask the maintainer for an explanation of the test mismatches or for a signed release/source provenance.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
