ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Investment Advisor Zhang Openclaw Cn

v1.0.0

通过百度 AI 搜索 API 进行网页搜索,获取实时信息和搜索结果。

0· 95·1 current·1 all-time
byLiu HaoRan@acceleratel

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for acceleratel/investment-advisor-zhang-openclaw-cn.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Investment Advisor Zhang Openclaw Cn" (acceleratel/investment-advisor-zhang-openclaw-cn) from ClawHub.
Skill page: https://clawhub.ai/acceleratel/investment-advisor-zhang-openclaw-cn
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: BAIDU_API_KEY
Required binaries: uv
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install investment-advisor-zhang-openclaw-cn

ClawHub CLI

Package manager switcher

npx clawhub@latest install investment-advisor-zhang-openclaw-cn
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's code and SKILL.md implement a Baidu AI web-search proxy service, but the published skill name ('Investment Advisor Zhang Openclaw Cn') suggests an investment-advice capability. This name–function mismatch is unexplained and could be either mislabeling or an attempt to disguise purpose. Also SKILL.md lists version 1.0.1 while registry metadata shows 1.0.0.
Instruction Scope
Runtime instructions are limited to creating a .env with BAIDU_API_KEY, installing dependencies, and running a local FastAPI service; the code reads only BAIDU_API_KEY and calls Baidu's qianfan API. The instructions do not ask for unrelated files or other secrets.
Install Mechanism
Install uses a Homebrew formula named 'uv' to provide a required 'uv' binary. This is an uncommon dependency for a Python FastAPI app (the code uses uvicorn, not a binary named 'uv'), and the brew formula origin is not specified. Homebrew installs and extracted packages can introduce third-party code — confirm the 'uv' formula is trusted and note that brew-based install may be inappropriate on non-macOS systems.
Credentials
Only BAIDU_API_KEY is required and used as the Authorization bearer for Baidu API calls; that is proportionate to a web-search proxy. No other credential or config paths are requested.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It runs as a local service when started; autonomous invocation is allowed by default but not combined with other high-risk indicators.
What to consider before installing
This package appears to be a Baidu AI web-search proxy that needs only BAIDU_API_KEY, but the skill title suggests an investment advisor — confirm you intended to install a search helper, not an investment tool. Before installing: (1) verify the Homebrew 'uv' formula source (or avoid it and run the Python app with your own venv/uvicorn), (2) run the service in an isolated environment (container/VM) and inspect network traffic to ensure it only calls Baidu, (3) confirm the BAIDU_API_KEY you provide has appropriate scope and is not reused for other sensitive services, and (4) ask the publisher for clarification about the mismatched name/version and the need for the 'uv' binary. If you intended an investment-advice skill, do not install this package until the owner clarifies the mismatch.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔍 Clawdis
Binsuv
EnvBAIDU_API_KEY
Primary envBAIDU_API_KEY

Install

Install uv via Homebrew
Bins: uv
brew install uv
latestvk971408gm80khqn415g5pd42c583kk21
95downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
Liu HaoRan@acceleratel
latest
Download

🔍 百度搜索

Search the web with Baidu AI

通过百度 AI 搜索 API 进行网页搜索,获取中文互联网的实时信息。

Setup

cd {baseDir}
echo "BAIDU_API_KEY=your-api-key" > .env
uv venv && uv pip install -e ".[dev]"
uv run --env-file .env uvicorn baidu_search.main:app --host 127.0.0.1 --port 8001

需要在 .env 或环境变量中设置 BAIDU_API_KEY

获取 API Key

  1. 访问 百度智能云控制台
  2. 创建应用获取 API Key

Quick Start

  1. 检查服务: curl http://127.0.0.1:8001/ping

  2. 搜索网页:

curl -X POST http://127.0.0.1:8001/search \
  -H "Content-Type: application/json" \
  -d '{
    "query": "北京有哪些旅游景区",
    "top_k": 10
  }'
  1. 带时间过滤的搜索:
curl -X POST http://127.0.0.1:8001/search \
  -H "Content-Type: application/json" \
  -d '{
    "query": "最新科技新闻",
    "top_k": 5,
    "recency_filter": "week"
  }'
  1. 限定网站搜索:
curl -X POST http://127.0.0.1:8001/search \
  -H "Content-Type: application/json" \
  -d '{
    "query": "天气预报",
    "top_k": 5,
    "site_filter": ["www.weather.com.cn"]
  }'

API 参数

参数类型默认值说明
querystring必填搜索关键词
top_kint10返回结果数量 (1-20)
recency_filterstringnull时间过滤: day, week, month, year
site_filterlistnull限定搜索的网站列表

Response Format

{
  "results": [
    {
      "title": "北京十大必去景点",
      "url": "https://example.com/beijing-attractions",
      "snippet": "北京作为中国的首都,拥有众多著名景点...",
      "site_name": "旅游网"
    }
  ],
  "total": 10
}

Conversation Flow

  1. 用户提问需要搜索的内容
  2. 判断是否需要时间过滤(如"最新"、"今天"等)
  3. 调用搜索 API 获取结果
  4. 整理并展示相关信息
  5. 可根据需要深入查看某个结果

使用场景

  • 查询实时信息(新闻、天气、股票等)
  • 搜索中文互联网内容
  • 获取特定网站的信息
  • 时效性要求高的查询

Comments

Loading comments...