ClawHub

Baidu Search

v1.1.3

Search the web using Baidu AI Search Engine (BDSE). Use for live information, documentation, or research topics.

197· 77.2k·805 current·844 all-time
by@ide-rea
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Baidu web search) match the code and required env var. The script calls Baidu's qianfan API and returns web_search references — BAIDU_API_KEY is the expected credential for that API.
Instruction Scope
SKILL.md only instructs running the included Python script with a JSON payload and how to configure BAIDU_API_KEY in OpenClaw config. It references editing ~/.openclaw/openclaw.json and restarting OpenClaw — this is within scope for configuring a skill, but note that storing API keys in a plaintext config file is recommended by the docs and may be a security/privacy consideration for users.
Install Mechanism
This is instruction-only with one script (no install spec). The script imports the third-party 'requests' library but the metadata does not declare that dependency; users will need to ensure 'requests' is installed (pip install requests) or the script will fail. No downloads or remote installers are present.
Credentials
The only required environment variable is BAIDU_API_KEY (declared as primaryEnv) which is proportional to the skill's purpose. The script reads no other environment variables or sensitive system paths.
Persistence & Privilege
always is false and the skill is user-invocable. The skill does not request persistent or elevated platform privileges and does not modify other skills or system settings.
Assessment
This skill appears to do what it says: call Baidu's AI Search API using the BAIDU_API_KEY. Before installing, consider: 1) The script requires the Python 'requests' package but the skill metadata doesn't declare it — install requests (pip) or the script will error. 2) The provided instructions recommend storing BAIDU_API_KEY in ~/.openclaw/openclaw.json (plaintext) — if you prefer, use a secrets store or platform-provided secret mechanism instead of a plain file. 3) The script prints responses to stdout (including returned references) — avoid running it in shared or logged environments if results are sensitive. 4) Verify you trust the skill source before providing a long-lived API key; you may prefer to create a limited-scope key on Baidu if possible. Overall, there are no signs of hidden endpoints or unrelated credential requests.

Like a lobster shell, security has layers — review code before you run it.

latestvk973k1r7bscqd72h91pcrjy3958348qy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍︎ Clawdis
Binspython3
EnvBAIDU_API_KEY
Primary envBAIDU_API_KEY

Comments