Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
baidu web search
v2.1.0
Use Baidu Qianfan web search API for real-time web retrieval. Use when the user needs to search the web, get latest news, verify facts, or expresses intent l...
⭐ 2 · 4.9k · 77 current · 81 all-time
by Hean Liu @liuhean2021
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the implementation: scripts/search.js calls the Baidu Qianfan web_search endpoint and requires a single API credential. Declared dependency (axios) and BAIDU_API_KEY are appropriate for a web-search skill. There are no unrelated env vars, binaries, or config paths requested.
Instruction Scope
SKILL.md narrowly instructs callers to execute only `node scripts/search.js` and explicitly forbids reading or printing the API key or config.json. Those instructions align with the code (which reads env var first, then config.json as fallback). Note: the prohibition is a policy instruction (can't be enforced technically by the script), so it relies on the agent/platform to comply.
Install Mechanism
No install spec is provided (instruction-only install). The package.json lists a single, well-known dependency (axios). No downloads from arbitrary URLs or extracts are present. Typical npm install is required if running locally.
Credentials
Only BAIDU_API_KEY is required and declared as the primary credential. The script reads BAIDU_API_KEY from the environment and falls back to a local config.json (documented). No additional secrets or unrelated credentials are requested.
Persistence & Privilege
The skill does not request permanent/global privileges (always:false). It does not modify other skills or system configuration. SKILL.md mentions the platform may store the key (e.g., ~/.openclaw/openclaw.json) — this is a platform behavior, not an unexpected action by the skill.
Assessment
This skill appears to be a straightforward Baidu Qianfan search integration and is internally consistent. Before installing:
1) Prefer injecting BAIDU_API_KEY via the platform's secure skill/config UI rather than pasting it into public chat;
2) If running locally, store config.json with strict file permissions and ensure it's in .gitignore;
3) Be aware the SKILL.md's rules (do not print or expose the key) are advisory—agents or humans could still leak the key if mishandled, so avoid sharing the key in open channels and rotate it if accidentally exposed;
4) Run npm install in a trusted environment (axios is the only dependency);
5) If you need stricter guarantees (e.g., multi-tenant hosting), verify how your platform stores and restricts access to the key before enabling the skill.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/search.js:20 — Environment variable access combined with network send.
scripts/search.js:25 — File read combined with network send (possible exfiltration).
Runtime requirements
Env: BAIDU_API_KEY
Primary env: BAIDU_API_KEY
