Scan Report
5/100
baidu-test
Search the web using Baidu AI Search Engine (BDSE)
A legitimate Baidu web search tool that makes HTTP POST requests to Baidu's official API using an environment variable API key. No malicious behavior, obfuscation, or credential exfiltration detected.
Safe to install
No blocking action required. Consider pinning the requests library version in a requirements.txt for improved supply chain hygiene.
Findings: 1 item
| Severity | Finding | Location |
|---|---|---|
| Low | Unpinned Python dependency (Supply Chain) | scripts/search.py:3 |

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | scripts/search.py:19 - HTTP POST to qianfan.baidubce.com |
| Environment | READ | READ | ✓ Aligned | scripts/search.py:67 - os.getenv('BAIDU_API_KEY') |
| Filesystem | NONE | NONE | — | No file operations in code |
| Shell | NONE | NONE | — | No subprocess or shell execution found |
1 finding
Medium External URL
https://qianfan.baidubce.com/v2/ai_search/web_search scripts/search.py:10
File Tree
2 files · 4.8 KB · 154 lines
Python: 1 file · 102 lines
Markdown: 1 file · 52 lines
├─ scripts
│  └─ search.py (Python)
└─ SKILL.md (Markdown)
Dependencies: 1 item
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| requests | * | pip | No | Version not pinned |
Security Positives
✓ API key read from environment variable, not hardcoded
✓ No credential exfiltration - key only used for Baidu API authentication
✓ No shell execution (subprocess, os.popen) detected
✓ No obfuscation (base64, eval) or anti-analysis patterns
✓ Clean, readable code that matches documentation
✓ Makes requests to a known, legitimate Baidu API endpoint
✓ No sensitive path access (~/.ssh, ~/.aws, .env files)
✓ No C2 communication or data exfiltration patterns