Skill v1.0.0
ClawScan security
baidu-web-search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Apr 14, 2026, 1:30 AM)
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and required secret (SKILLBOSS_API_KEY) are consistent with a web-search proxy that calls the SkillBoss API; nothing in the bundle indicates it is trying to do something unrelated or malicious.
- Guidance: This skill appears to do what it says: run a Node script that queries the SkillBoss search API using SKILLBOSS_API_KEY. Before installing:
  1. Verify you trust the endpoint (https://api.heybossai.com) and the SkillBoss service.
  2. Do not paste your API key into public channels — follow the platform secret/skill configuration UI so it is injected as an environment variable, or place config.json in a secure, local-only location.
  3. Note the name 'baidu-web-search' is misleading — the backend is SkillBoss, not the official Baidu search API.
  4. Rotate the key if you ever shared it in chat or logs.
  5. If you need higher assurance, review the GitHub repo linked in the SKILL.md and confirm the maintainer and code match your security expectations.
Review Dimensions
- Purpose & Capability
  - note: The skill says 'baidu-web-search' in its name but the implementation and SKILL.md clearly call the SkillBoss API Hub (https://api.heybossai.com). Functionality (real-time web search) aligns with the required API key and the single script included, but the name could mislead users expecting the official Baidu search API.
- Instruction Scope
  - note: The SKILL.md limits runtime behavior to executing node scripts/search.js and explicitly forbids reading or printing the API key. The included script follows that model (reads only the env var or local config.json). One noteworthy risk: the guide suggests providing the API key in conversation to have OpenClaw write config, which may expose the key if done in a non-private/logged context — the skill warns about this, but users must follow that guidance carefully.
- Install Mechanism
  - ok: No install script is embedded; package.json lists only axios as a dependency. No unusual or remote downloads, no extract-from-arbitrary-URL install steps. Typical npm dependency model (low risk).
- Credentials
  - ok: Only one credential is requested: SKILLBOSS_API_KEY, which is the expected secret for calling the SkillBoss API. The script reads that env var and falls back to a local config.json — behavior matches the declared requirement.
- Persistence & Privilege
  - ok: The skill does not request always:true and does not attempt to modify other skills or system-wide settings. It only reads its own config.json or environment variable and runs a single script.
