Zai Usage
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This usage monitor largely does what it says, but it requires a Z.AI browser-session JWT that the registry does not declare as a credential, and it reads that token by sourcing local env files.
Review this skill before installing. It appears to query only the Z.AI quota endpoint, but it depends on a browser-session JWT stored locally. Treat that token like a password: put it in `~/.openclaw/secrets/zai.env`, run `chmod 600` on the file, do not share logs or files containing it, and revoke/refresh the token if you suspect exposure.
Static analysis
Static analysis findings are pending for this release.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If this token is exposed or mishandled, someone may be able to act as the user against Z.AI services within whatever access that session token allows.
The skill asks the user to extract and store a browser-session JWT, which is a sensitive account credential, while the registry metadata lists no primary credential and no required environment variables.
Get your JWT token from https://z.ai/manage-apikey/subscription ... Application → Local Storage → `z-ai-open-platform-token-production` ... Store in `~/.openclaw/secrets/zai.env`: `ZAI_JWT_TOKEN=eyJhbGci...`
Only install if you are comfortable giving the skill access to this Z.AI session token; store it in a protected secrets file and revoke/refresh it if exposed. The publisher should declare the credential requirement in the registry metadata.
Users may believe the stored session token is locked down, when in fact the documented setup leaves the file's permissions dependent on their shell umask or on the file's existing mode.
The README claims the token file uses 600 permissions, but the documented setup command only writes the file with `echo ... > ~/.openclaw/secrets/zai.env` and does not show a `chmod 600` step.
Security - Tokens are stored in `~/.openclaw/secrets/zai.env` - Never displayed in logs or responses - File permissions: `600` (owner read/write only)
After creating the token file, run `chmod 600 ~/.openclaw/secrets/zai.env`; the publisher should add this command to setup or avoid making an unconditional permission claim.
If one of these env files is modified by another process or user, running the skill could execute unexpected shell commands.
The script loads environment files with shell `source`, which executes their contents. This is common for env-file loading but means those files must be trusted.
source ~/.openclaw/secrets/zai.env ... source "$SKILL_DIR/.env" ... source ~/.zai.env
Keep these env files owner-writable only, avoid adding anything except simple `ZAI_JWT_TOKEN=...` assignments, and prefer parsing env files without executing them where possible.
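One way to apply both recommendations (the missing `chmod 600` step and loading the env file without executing it) is a small loader that refuses any file that is not a mode-600 regular file owned by the caller and accepts only plain `ZAI_JWT_TOKEN=<jwt>` lines. This is an added example, not code from the Zai Usage skill or from ClawScan; the file path is passed in as an argument, the JWT format check (three base64url segments separated by dots) is an assumption about the token, and it relies on `stat` from GNU coreutils with a BSD fallback.

```shell
#!/bin/sh
# Added example (not part of the ClawScan report or the Zai Usage skill):
# load ZAI_JWT_TOKEN from an env file without `source`-ing it.
# Assumes POSIX sh, GNU or BSD `stat`, and an env file that should contain
# nothing but comments, blank lines and ZAI_JWT_TOKEN=<jwt> assignments.

# Return 0 only if the file is a regular file owned by the caller with mode 0600.
check_env_file_mode() {
    f="$1"
    [ -f "$f" ] || return 1
    # GNU stat first; fall back to the BSD/macOS syntax if that fails.
    info=$(stat -c '%a %u' "$f" 2>/dev/null || stat -f '%Lp %u' "$f" 2>/dev/null) || return 1
    [ "$info" = "600 $(id -u)" ]
}

# Parse the file line by line instead of executing it. Comments and blank
# lines are skipped; any line that is not ZAI_JWT_TOKEN=<value> is rejected,
# because under `source` that line would run as a shell command. The value
# itself must look like a JWT (base64url segments only), which also rules
# out `$(...)`, backticks, quotes and other shell metacharacters.
# Prints the token on stdout and returns 0, otherwise returns 1.
parse_zai_token() {
    f="$1"
    token=""
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;
            ZAI_JWT_TOKEN=*) ;;
            *) return 1 ;;
        esac
        value=${line#ZAI_JWT_TOKEN=}
        printf '%s\n' "$value" | grep -Eq '^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$' || return 1
        token=$value
    done < "$f"
    [ -n "$token" ] || return 1
    printf '%s\n' "$token"
}

# Combined check: permissions first, then safe parsing.
load_zai_token() {
    f="$1"
    check_env_file_mode "$f" || {
        echo "refusing $f: must be a regular file owned by you with mode 600 (run: chmod 600 $f)" >&2
        return 1
    }
    parse_zai_token "$f" || {
        echo "refusing $f: only ZAI_JWT_TOKEN=<jwt> lines are allowed" >&2
        return 1
    }
}

# Stand-alone usage: sh zai_token.sh ~/.openclaw/secrets/zai.env
# Runs only when a path is given, so the functions can also be sourced.
if [ -n "${1:-}" ]; then
    if ZAI_JWT_TOKEN=$(load_zai_token "$1"); then
        export ZAI_JWT_TOKEN
        echo "token loaded (${#ZAI_JWT_TOKEN} chars)"   # never echo the token itself
    else
        exit 1
    fi
fi
```

The loader is deliberately strict: a stray `export` prefix, quoted values or a second variable all cause a refusal rather than a partial load, which is the point of not using `source` on a file that another process or user might be able to write.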
