← Back to Skills Marketplace
wsh66660

Baidu Search Node

by wangsihong · GitHub ↗ · v1.1.0
cross-platform ⚠ suspicious
932
Downloads
0
Stars
5
Active Installs
2
Versions
Install in OpenClaw
/install baidu-search-node
Description
通过 Node.js 脚本调用百度搜索 API,可按关键字和数量参数获取排序、标题、摘要和链接的搜索结果。
README (SKILL.md)

Baidu Search Skill

百度搜索命令行工具,通过 Node.js 脚本爬取百度搜索结果(无需 API key)。

激活条件

当用户提到:

  • 百度搜索
  • 用百度搜一下
  • baidu search
  • 使用 baidu_search 工具

工具实现

使用 baidusearch.js 脚本,位于 /Users/mac/.openclaw/workspace/skills/baidu-search/baidusearch.js

使用方式

# 基本搜索
node baidusearch.js "搜索内容"

# 指定结果数量
node baidusearch.js "搜索内容" -n 10

# 调试模式
node baidusearch.js "搜索内容" -n 5 -d 1

参数说明

参数 类型 必需 默认值 说明
[keyword] string - 搜索关键字
-n, --num number 10 返回结果数量
-d, --debug number 0 调试模式(0-关闭,1-打开)

返回格式

每条搜索结果包含:

  • rank - 排名
  • title - 标题
  • abstract - 摘要/描述
  • url - 链接

与百度官方 API 技能对比

功能 baidu-search-node (本技能) baidu-search (官方 API)
API Key ❌ 不需要 ✅ 需要 BAIDU_API_KEY
资源类型过滤 ❌ 仅网页 ✅ web/video/image/aladdin
时间过滤 ❌ 不支持 ✅ week/month/semiyear/year
网站过滤 ❌ 不支持 ✅ 匹配/屏蔽网站
安全搜索 ❌ 不支持 ✅ 支持
实现方式 网页爬虫 百度千帆 API

配置

openclaw.json 中添加:

{
  tools: {
    baiduSearch: {
      enabled: true,
      scriptPath: "/Users/mac/.openclaw/workspace/skills/baidu-search/baidusearch.js",
      defaultCount: 5,
      timeout: 30000,
    },
  },
}

使用方法

// 执行百度搜索
const { execSync } = require('child_process');

function baiduSearch(query, count = 5) {
  const scriptPath = '/Users/mac/.openclaw/workspace/skills/baidu-search/baidusearch.js';
  const cmd = `node "${scriptPath}" "${query}" -n ${count}`;
  const output = execSync(cmd, { encoding: 'utf-8' });
  return parseOutput(output);
}

依赖安装

# 进入 skill 目录
cd /Users/mac/.openclaw/workspace/skills/baidu-search

# 安装依赖
npm install axios cheerio commander

注意事项

  • 需要 Node.js 环境
  • 依赖 axios、cheerio、commander 包
  • 搜索结果来自百度网页,可能包含广告
  • 建议设置合理的 timeout 避免请求超时
  • 无需 API key,开箱即用
Usage Guidance
This skill is a web-scraper that fetches HTML from baidu.com and parses results — it is not an official Baidu API client despite the description. Before installing: (1) accept that scraped HTML is brittle and may break or return unexpected content (and could include ads); (2) review the full baidusearch.js to ensure there are no hidden remote endpoints or unexpected behaviors (current code shows only requests to baidu.com); (3) be aware the SKILL.md uses a hard-coded /Users/mac path — update to a correct path for your environment to avoid executing unknown local files; (4) the package-lock references cnpm mirrors — if your environment requires packages from the official npm registry, re-install dependencies from registry.npmjs.org or inspect the packages; (5) run the skill in a sandbox or non-production environment first if you have concerns about scraping TOS or outbound network activity. If you expected an official Baidu API client (with API-key features or filters), do not rely on this skill.
Capability Analysis
Type: OpenClaw Skill Name: baidu-search-node Version: 1.1.0 The skill is classified as suspicious due to a critical shell injection vulnerability identified in the `SKILL.md` file. The `baiduSearch` function, intended to be executed by the OpenClaw agent, constructs a shell command using `execSync` where the `query` parameter is directly interpolated without proper shell escaping. This allows an attacker to inject arbitrary shell commands (e.g., `foo"$(rm -rf /)"`) leading to Remote Code Execution (RCE) on the host system. While the `baidusearch.js` script itself correctly `encodeURIComponent` for URL parameters, this sanitization occurs too late, after the shell command has already been formed and executed.
Capability Assessment
Purpose & Capability
The skill description/summary suggests calling a Baidu search API, but the SKILL.md and baidusearch.js clearly implement web scraping of baidu.com (no API key required). This is a semantic mismatch: consumers expecting an official API client (stable query params, time/quality filters) will instead get an HTML scraper with brittle parsing. The SKILL.md explicitly contrasts this tool with an "official API" and admits it is a crawler.
Instruction Scope
Runtime instructions tell the agent to run a local Node script via node/child_process.execSync and to install axios/cheerio/commander. The SKILL.md points to a hard-coded absolute path (/Users/mac/.openclaw/workspace/skills/...), which may not match other user environments and could cause the agent to execute unexpected local files if paths are different. Aside from calling the local script and performing outbound HTTP requests to baidu.com, the instructions do not ask the agent to read unrelated files or credentials.
Install Mechanism
There is no automated install spec (instruction-only plus included code). Dependencies are standard Node packages (axios, cheerio, commander). The package-lock shows packages resolved from Chinese npm mirrors (r.cnpmjs.org / r2.cnpmjs.org) rather than the official registry; this is notable but consistent with typical mirrors and not inherently malicious.
Credentials
The skill requests no environment variables, no credentials, and no config paths. That is proportionate to a web-scraping/search helper. No secrets-exfiltration indicators are declared in the SKILL.md or package files.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent presence or claim to modify other skills. The SKILL.md shows the agent invoking a local script (normal for this skill type).
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install baidu-search-node
  3. After installation, invoke the skill by name or use /baidu-search-node
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Added comparison table with official baidu-search API skill, improved docs
v1.0.0
Initial release - Baidu web search via Node.js script with axios/cheerio
Metadata
Slug baidu-search-node
Version 1.1.0
License
All-time Installs 5
Active Installs 5
Total Versions 2
Frequently Asked Questions

What is Baidu Search Node?

通过 Node.js 脚本调用百度搜索 API,可按关键字和数量参数获取排序、标题、摘要和链接的搜索结果。 It is an AI Agent Skill for Claude Code / OpenClaw, with 932 downloads so far.

How do I install Baidu Search Node?

Run "/install baidu-search-node" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Baidu Search Node free?

Yes, Baidu Search Node is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Baidu Search Node support?

Baidu Search Node is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Baidu Search Node?

It is built and maintained by wangsihong (@wsh66660); the current version is v1.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments