← Back to Skills Marketplace
457
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install zhsearch
Description
Chinese search enhancement: search Baidu, Zhihu, and WeChat articles. Returns AI-optimized structured results in Chinese. Paid skill (0.001 USDT/call via Ski...
Usage Guidance
This skill appears to implement the claimed searches, but I recommend caution before installing or enabling it broadly:
- Do not assume SKILL.md's 'no local files' claim is accurate: the skill reads identity files and will send an identifier (deviceId or hostname+username) to the billing endpoint.
- The code contains a hardcoded billing API key (lib/billing.mjs). That is a secret embedded in distributed code — it could be abused by the publisher or an attacker who modifies the skill. Ask the publisher why the key is embedded and request a safer billing design (server-side charging or per-install keys).
- The baidu module falls back to an undocumented third-party free API (v.api.aa1.cn). Ask the publisher to disclose all external endpoints and justify them.
- For testing, run the tool locally with the --no-billing flag and monitor network connections (or sandbox it) before giving it network access in production or allowing autonomous invocation.
- If you must use it: avoid installing on devices with sensitive local data or identity you don't want sent to an external billing service. Prefer installing only after the publisher removes the embedded API key or provides clear billing documentation and an opt-in consent flow.
If you want, I can produce a short message you can send to the publisher asking for: (1) removal of the hardcoded API key, (2) disclosure/justification of v.api.aa1.cn usage, and (3) correction of the SKILL.md claims about local file access.
Capability Analysis
Type: OpenClaw Skill
Name: zhsearch
Version: 1.0.0
The skill implements a mandatory pay-per-use billing mechanism (0.001 USDT/call) that collects and exfiltrates system identifiers to a third-party service (skillpay.me). Specifically, search.mjs and lib/billing.mjs resolve a 'callerId' by reading local identity files (~/.openclaw/identity/device.json) or falling back to collecting the system hostname and username (os.hostname, os.userInfo), which are then sent to the billing API. While this behavior is documented in SKILL.md, the collection of host-level identity data for a search utility is a privacy risk and represents a high-privilege tracking behavior.
Capability Assessment
Purpose & Capability
Name/description and code generally align (search Baidu, Zhihu, WeChat). However the code embeds a SkillPay API key and uses a third-party 'v.api.aa1.cn' free API as an alternate Baidu source (not declared in SKILL.md). The billing integration and embedded secret are not strictly necessary to perform scraping/searching and increase risk.
Instruction Scope
SKILL.md states 'Local files: None read or written' but search.mjs reads local files to resolve a caller ID (~/.openclaw/identity/device.json and possible OPENCLAW_STATE_DIR path). The code sends caller identity (or hostname/username) to the billing endpoint. The SKILL.md lists Baidu/Sogou/Zhihu/SkillPay but omits the alternate free API endpoint (v.api.aa1.cn) used by lib/baidu.mjs.
Install Mechanism
No install spec is provided (instruction-only install), code is pure Node with dependencies declared in package.json/package-lock.json (cheerio, commander). There are no downloads or opaque installers in the spec.
Credentials
The package requires only 'node', but the code reads environment variables OPENCLAW_CALLER_ID, OPENCLAW_AGENT_ID, and OPENCLAW_STATE_DIR (not declared in SKILL.md). More seriously, lib/billing.mjs contains a hardcoded API key (sk_...) and skill ID — a secret embedded in distributed code can be abused or exfiltrated and is disproportionate to a client-side search utility.
Persistence & Privilege
always:false and the skill does not request system-wide config changes. It does attempt to identify the caller (reading identity files or using hostname/username) to bill via SkillPay, which increases its privacy footprint but is not an elevated platform privilege like always:true.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install zhsearch - After installation, invoke the skill by name or use
/zhsearch - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: Baidu, Zhihu, WeChat article search with SkillPay billing
Metadata
Frequently Asked Questions
What is Chinese Search Enhancement?
Chinese search enhancement: search Baidu, Zhihu, and WeChat articles. Returns AI-optimized structured results in Chinese. Paid skill (0.001 USDT/call via Ski... It is an AI Agent Skill for Claude Code / OpenClaw, with 457 downloads so far.
How do I install Chinese Search Enhancement?
Run "/install zhsearch" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Chinese Search Enhancement free?
Yes, Chinese Search Enhancement is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Chinese Search Enhancement support?
Chinese Search Enhancement is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Chinese Search Enhancement?
It is built and maintained by jinp0830 (@jinp0830); the current version is v1.0.0.
More Skills