Baidu Search Node

Status: Pass. Audited by VirusTotal on May 11, 2026.

Findings (1)

The skill is classified as suspicious due to a critical shell injection vulnerability identified in the `SKILL.md` file. The `baiduSearch` function, intended to be executed by the OpenClaw agent, constructs a shell command using `execSync` in which the `query` parameter is interpolated directly, without shell escaping. This allows an attacker to inject arbitrary shell commands (e.g., `foo"$(rm -rf /)"`), leading to Remote Code Execution (RCE) on the host system. While the `baidusearch.js` script itself correctly applies `encodeURIComponent` to its URL parameters, that sanitization occurs too late: the shell command has already been formed and executed by the time the script runs.