ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

deepresearch conversation

v1.1.2

Deep ReSearch Conversation is provided by Baidu for multi-round streaming conversations with "Deep Research" agents. "In-depth research" is a long-process task involving multi-step reasoning and execution, which is different from the ordinary "question-and-answer". A dialogue that requires the user to repeatedly verify and correct it until a satisfactory answer is reached.

2· 6.4k·25 current·30 all-time
by@ide-rea
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, required binaries (python3, curl), and required env var (BAIDU_API_KEY) align with a Baidu Deep Research client. However, the code accesses ~/.openclaw/openclaw.json to obtain the API key if the environment variable is missing, while the skill metadata lists no required config paths. This is a mismatch between declared requirements and actual behavior.
Instruction Scope
SKILL.md instructs the agent to call Baidu endpoints for conversation creation, file upload, parsing, and to run the included Python script to consume SSE streams. The instructions do not direct the agent to read unrelated system files or exfiltrate data beyond the Baidu API endpoints. The only extra scope is the documented/implicit automatic loading of the API key from the OpenClaw config, which the Python script implements.
Install Mechanism
There is no install spec (instruction-only with an included script), so nothing is downloaded or written by an installer. The included Python script depends on the 'requests' package but no installer is provided; this is an operational omission rather than a security red flag.
!
Credentials
The skill requests a single credential (BAIDU_API_KEY), which is proportional to its purpose. However, the Python script also attempts to read the OpenClaw config file in the user's home directory to obtain the same key if the env var is missing. The manifest did not declare this config-file access; reading a user config file that may contain other credentials is an extra (undeclared) access to sensitive data.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system privileges or modify other skills. It only reads a config file for a credential and makes outbound requests to Baidu endpoints; no permanent presence or elevated privilege behavior was observed.
What to consider before installing
This skill appears to implement the described Baidu DeepResearch workflow and only needs your BAIDU_API_KEY. Two things to check before installing: (1) The included Python script will try to read ~/.openclaw/openclaw.json if BAIDU_API_KEY is not in the environment — verify that file's contents and remove any unrelated secrets or avoid relying on it by setting BAIDU_API_KEY in the environment. (2) The script imports the 'requests' library but the package install is not specified; ensure your environment provides requests from a trusted source. If you are uncomfortable with the skill reading your OpenClaw config, either set BAIDU_API_KEY in the environment or inspect/clean the config file first. Overall this is plausible for its stated purpose but the undeclared config-file access is an inconsistency worth caution.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c6z4msghh4vdexbwenj6bzn813504

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📌 Clawdis
Binspython3, curl
EnvBAIDU_API_KEY
Primary envBAIDU_API_KEY

Comments