Baidu Search

Name: baidu-search
Author: ide-rea

View on ClawHub↗

Share on X Share on LinkedIn Share on Bluesky

40Medium

The Baidu search skill is vulnerable to

ThreatsCI SM CS BC S HITL

Behavior Analysis

Description verified — behavior matches claim

Claims to do

Baidu Search: Search the web via Baidu AI Search API.

Actually does

This skill executes a Python script (`skills/baidu-search/scripts/search.py`) using `python3`. It requires a `BAIDU_API_KEY` environment variable for authentication and sends a JSON payload containing a search query, optional result count, and freshness parameters to an unspecified Baidu AI Search API endpoint.

Threat Analysis

AI Agent Traps ↗Scanned 4/15/2026

Content InjectionPerceptionclean

Semantic ManipulationReasoningclean

Cognitive StateMemory & Learningclean

Behavioural ControlAction1 finding

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Nameide-rea/baidu-search

Registryclawhub

Version1.1.3

PURLpkg:clawhub/ide-rea/baidu-search@1.1.3

Stars200

Downloads78,622

Installs863

Source

Repository ↗

SHA-2564fa6b504a90d...

SHA-1b438cd5255d6...

MD55357defa6e23...

TLSH2c3157a1cca2...

Size1,794 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

OpenClawDocs

https://clawhub.ai/ide-rea/baidu-search

78,622 downloads863 installs

ClawHubDocs

openclaw skills install ide-rea/baidu-search

Assessments (1)

AI Agent Traps ↗

Potential command injection via 'query' parametermediumcommand execution

The skill executes a Python script with a user-provided JSON string. The 'query' field within this JSON is a string that, if not properly sanitized by the Python script, could lead to command injection if the script internally uses it in a shell command.

70% confidenceline 20

python3 skills/baidu-search/scripts/search.py '<JSON>'
query | str | yes | - | Search query

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/clawhub/ide-rea/baidu-search.svg)](https://mondoo.com/ai-agent-security/skills/clawhub/ide-rea/baidu-search)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/clawhub/ide-rea/baidu-search"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/ide-rea/baidu-search.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/clawhub/ide-rea/baidu-search.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow