Zai Usage
Verdict: Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill appears to monitor Z.AI usage as advertised, but it asks for a browser session JWT and stores it locally even though the registry metadata declares no credential requirement.
Review carefully before installing. This skill is not clearly malicious and its API call matches its quota-monitoring purpose, but it requires a sensitive Z.AI browser-session token. If you use it, store the token with `chmod 600 ~/.openclaw/secrets/zai.env`, avoid sharing logs or env files, and rotate the token if you later uninstall or suspect exposure.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the token is exposed or misused, it may allow access to the user's Z.AI account beyond simply viewing usage.
A browser-session JWT can represent broad account authority, not just read-only quota access. The registry metadata declares no primary credential or required environment variable, so this sensitive authority is under-disclosed.
You need a JWT token from your Z.AI browser session (not an API key).
Only install if you are comfortable providing a browser-session token. Prefer a scoped read-only API key if Z.AI offers one, and the skill should declare the credential requirement in metadata.
A user may believe the session token is locked down when, under the system's default file permissions (umask), other local accounts may still be able to read it.
The setup command writes the token file but does not set restrictive permissions, while the security section says permissions are 600. On common systems this may leave the token less protected than the documentation implies.
`echo "ZAI_JWT_TOKEN=eyJhbGci..." > ~/.openclaw/secrets/zai.env` ... File permissions: `600`
After creating the file, run `chmod 600 ~/.openclaw/secrets/zai.env`, and the skill documentation should include that command explicitly.
If one of the sourced env files is tampered with, running the usage script could execute unintended shell commands.
The script loads configuration by shell-sourcing local env files. This is a common pattern, but those files can execute shell code if modified by an attacker or untrusted content.
`source ~/.openclaw/secrets/zai.env` ... `source "$SKILL_DIR/.env"` ... `source ~/.zai.env`
Keep the env files private and trusted, use restrictive permissions, and consider parsing only the expected `ZAI_JWT_TOKEN` variable instead of shell-sourcing whole files.
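One way to apply that recommendation, as an added example that is not the skill's own code or part of the ClawScan report: read only `ZAI_JWT_TOKEN` out of the env file with `sed` instead of `source`-ing it, refuse the file unless its mode is 600, and accept only a JWT-shaped value. The helper name and the sample token are assumptions; the file path and variable name are the ones quoted in the finding.

```shell
#!/bin/sh
# Added example, not the skill's code: extract ZAI_JWT_TOKEN from an env file
# without letting the shell evaluate anything in it.

# zai_token_from_file FILE: print the token on stdout, return 1 on any problem.
zai_token_from_file() {
  file="$1"
  [ -f "$file" ] || { echo "zai: $file not found" >&2; return 1; }

  # Expect mode 600 (or 400); refuse anything group- or world-readable.
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file" 2>/dev/null)
  case "$mode" in
    600|400) ;;
    *) echo "zai: $file has mode $mode, expected 600" >&2; return 1 ;;
  esac

  # Pull the assignment out with sed: no `source`, so command substitutions,
  # backticks or extra assignments in a tampered file are never executed.
  # Accepts ZAI_JWT_TOKEN=value and ZAI_JWT_TOKEN="value"; first match wins.
  token=$(sed -n 's/^ZAI_JWT_TOKEN="\{0,1\}\([^"[:space:]]*\)"\{0,1\}.*$/\1/p' "$file" | head -n 1)
  [ -n "$token" ] || { echo "zai: no ZAI_JWT_TOKEN in $file" >&2; return 1; }

  # A JWT is three dot-separated base64url segments; anything else (for
  # example a value containing "$(" or a backtick) is rejected, not used.
  jwt_re='^[A-Za-z0-9_-]\{1,\}\.[A-Za-z0-9_-]\{1,\}\.[A-Za-z0-9_-]\{1,\}$'
  printf '%s\n' "$token" | grep -q "$jwt_re" \
    || { echo "zai: ZAI_JWT_TOKEN does not look like a JWT" >&2; return 1; }

  printf '%s\n' "$token"
}

# In the usage script this replaces `source ~/.openclaw/secrets/zai.env`:
# ZAI_JWT_TOKEN=$(zai_token_from_file ~/.openclaw/secrets/zai.env) || exit 1
# export ZAI_JWT_TOKEN
```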
The skill may fail or prompt users to install tools that were not visible in the registry requirements.
The skill documentation requires local command-line tools, but the registry metadata lists no required binaries. This is a dependency declaration gap rather than evidence of hidden behavior.
Requirements
- `curl` - HTTP requests
- `jq` - JSON parsing
- `bc` - Number formatting (optional)
Declare curl and jq as required binaries and bc as optional in the skill metadata.
