Openclaw Cn Baidu Search

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Baidu web-search proxy, but users should understand that search queries are sent to Baidu.

Install only if you are comfortable using a Baidu API key and sending search terms to Baidu. Avoid searching for secrets, credentials, personal data, or confidential internal information, and keep the service bound to 127.0.0.1 unless you intentionally want network exposure.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation explains setup and usage but does not clearly warn users that their search queries are forwarded to Baidu's external API. Search terms can contain sensitive personal, business, or investigative information, so omission of this disclosure creates a privacy risk and undermines informed user consent.

VirusTotal

64/64 vendors flagged this skill as clean.
