ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

test

v1.0.0

Search the web using Baidu AI Search Engine (BDSE). Use for live information, documentation, or research topics.

0· 125·0 current·0 all-time
byDang Trung Kien@dtkien182

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for dtkien182/ken-test.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "test" (dtkien182/ken-test) from ClawHub.
Skill page: https://clawhub.ai/dtkien182/ken-test
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: BAIDU_API_KEY
Required binaries: python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install ken-test

ClawHub CLI

Package manager switcher

npx clawhub@latest install ken-test
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared purpose (Baidu web search) matches the code: the Python script calls the Baidu qianfan web_search endpoint using BAIDU_API_KEY. However the package metadata is inconsistent: top-level name/slug/owner (registry metadata shows 'test' / 'ken-test' / owner kn7akw...) differs from embedded _meta.json entries (slug 'baidu-search', different ownerId), and files are duplicated under baidu-search-1.1.2 as well as top-level. These packaging/name/owner mismatches are unexpected and should be validated.
Instruction Scope
Runtime instructions and the script stay within the described purpose: they parse a JSON query, build a request body, and call Baidu's API. The instructions only reference BAIDU_API_KEY and a suggested OpenClaw config path (~/.openclaw/openclaw.json) for storing the key. There is no code that reads unrelated system files or exfiltrates data to unexpected endpoints.
Install Mechanism
No install spec (instruction-only) so nothing arbitrary gets downloaded at install time. However the Python script imports the third-party 'requests' library but the skill does not declare this dependency or provide an install step; that is an omission which may cause runtime failures. File duplication (same script repeated in two paths) is also unusual and worth confirmation.
Credentials
The only required environment variable is BAIDU_API_KEY (declared as primaryEnv) which is proportionate to a Baidu search integration. The script reads only BAIDU_API_KEY from the environment and nothing else.
Persistence & Privilege
The skill does not request 'always: true' and does not attempt to modify other skills or system-wide settings. The README suggests editing the OpenClaw config to add the API key, which is typical for credential setup and within scope.
What to consider before installing
This skill's code looks straightforward and implements Baidu web search, but there are a few red flags to check before installing: - Verify the author/source: package metadata and owner IDs differ from the embedded _meta.json and the registry slug; confirm you trust the publisher before giving it your BAIDU_API_KEY. - Confirm dependencies: the script requires the Python 'requests' library but the skill doesn't declare or install it. Install it in a controlled environment (e.g., pip install requests) or run in an isolated container. - Review duplicates: the same files appear in multiple places in the package; confirm this isn't accidental tampering. - Protect your API key: the skill expects BAIDU_API_KEY and suggests adding it to ~/.openclaw/openclaw.json. Consider whether you want the key in that file (it persists on disk) or prefer setting it in a session-scoped environment instead. - Run in isolation first: execute the script manually with a throwaway API key or in a sandbox to confirm behavior (it only contacts qianfan.baidubce.com and prints returned references). If you cannot verify the publisher or the packaging anomalies, avoid installing or provide the skill with a limited/testing API key until you are comfortable.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔍︎ Clawdis
Binspython3
EnvBAIDU_API_KEY
Primary envBAIDU_API_KEY
latestvk979e2qppsjqzhbcxkqn9bnedd83njm3
125downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
Dang Trung Kien@dtkien182
latest
Download

Baidu Search

Search the web via Baidu AI Search API.

Prerequisites

API Key Configuration

This skill requires a BAIDU_API_KEY to be configured in OpenClaw.

If you don't have an API key yet, please visit: https://console.bce.baidu.com/ai-search/qianfan/ais/console/apiKey

For detailed setup instructions, see: references/apikey-fetch.md

Usage

python3 skills/baidu-search/scripts/search.py '<JSON>'

Request Parameters

ParamTypeRequiredDefaultDescription
querystryes-Search query
countintno10Number of results to return, range 1-50
freshnessstrnoNullTime range, two formats: format one is ”YYYY-MM-DDtoYYYY-MM-DD“, and format two includes pd, pw, pm, and py, representing the past 24 hours, past 7 days, past 31 days, and past 365 days respectively

Examples

# Basic search
python3 scripts/search.py '{"query":"人工智能"}'

# Freshness first format "YYYY-MM-DDtoYYYY-MM-DD" example
python3 scripts/search.py '{
  "query":"最新新闻",
  "freshness":"2025-09-01to2025-09-08"
}'

# Freshness second format pd、pw、pm、py example
python3 scripts/search.py '{
  "query":"最新新闻",
  "freshness":"pd"
}'

# set count, the number of results to return
python3 scripts/search.py '{
  "query":"旅游景点",
  "count": 20,
}'

Current Status

Fully functional.

Comments

Loading comments...