glm-v-model

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Zhipu GLM vision-model helper; note that every image and prompt it handles is transmitted to Zhipu's API.

Install only if you intend to use Zhipu's GLM vision API. Provide ZHIPU_API_KEY deliberately (set it yourself rather than letting the skill pick up an ambient credential), install zai-sdk from a trusted source and pin its version, expect API quota or billing use, and do not send confidential images, documents, screenshots, or prompts unless Zhipu's data-handling terms are acceptable to you.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 87%
Finding
The trigger description contains broad natural-language phrases such as 图片理解 (image understanding), 图像识别 (image recognition), 多模态分析 (multimodal analysis), 看图说话 (describe the picture), 图表分析 (chart analysis) and 视频理解 (video understanding), which could cause the skill to be invoked in situations beyond the author's intent. Over-broad routing can send user-provided images, videos, or prompts to an external model service unexpectedly, increasing privacy and data-handling risk.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The function sends user-provided images and prompt text to a third-party Zhipu API, which is a real data-exposure risk when inputs may contain sensitive content. In a vision-analysis skill, this behavior is expected, but the lack of visible disclosure, consent flow, or data-classification checks means users or integrators may unknowingly transmit private images, documents, or screenshots off-platform.
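The Overview's install advice and this finding both come down to the same missing control: nothing should leave the machine until the operator has explicitly opted in and the inputs have passed a basic data-classification check. The gate below is an added example written for this page, not code from the glm-v-model skill or from zai-sdk. The opt-in variable GLM_V_ALLOW_EXTERNAL_UPLOAD, the sensitive-directory list, the secret patterns, and the injected `send` callable are all illustrative assumptions; the real Zhipu request is passed in so that no zai-sdk function names are guessed at.

```python
"""
Pre-send gate for a vision-model helper (added example, not the skill's own code).

Refuses to forward an image and prompt to an external API unless the operator has
opted in explicitly and neither the image path nor the prompt looks like material
that should stay on the machine.
"""
import os
import re
from dataclasses import dataclass, field

# Hypothetical opt-in flag (not defined by the skill): the operator sets it to "1"
# to acknowledge that images and prompts will be transmitted to a third-party API.
CONSENT_VAR = "GLM_V_ALLOW_EXTERNAL_UPLOAD"

# Image types the helper is expected to handle; anything else (PDFs, office docs) is refused.
ALLOWED_SUFFIXES = {".png", ".jpg", ".jpeg", ".webp"}

# Directory names that commonly hold material one would not want sent off-platform (assumed list).
SENSITIVE_DIR_HINTS = (".ssh", ".aws", ".gnupg", "screenshots", "desktop", "downloads")

# Credential-shaped text that should never be forwarded to an external model (assumed patterns).
SECRET_PATTERNS = (
    re.compile(r"AKIA[0-9A-Z]{16}"),                          # AWS access key id
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),         # PEM private key header
    re.compile(r"eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}"),   # JWT-like token
    re.compile(r"(?i)(api[_-]?key|secret|token|passw(?:or)?d)\s*[:=]\s*\S{8,}"),  # name=value secrets
)


@dataclass
class Decision:
    allowed: bool
    reasons: list = field(default_factory=list)


def _normalize(path: str) -> str:
    # Accept both POSIX and Windows separators so the directory hints match either.
    return path.replace("\\", "/").lower()


def preflight(image_path: str, prompt: str, env: dict) -> Decision:
    """Collect every reason this request must not be sent; allowed only if there are none."""
    reasons = []

    # The credential must be provided deliberately; never fall back to an ambient source.
    if not env.get("ZHIPU_API_KEY"):
        reasons.append("ZHIPU_API_KEY is not set")

    # Explicit consent to off-platform transmission.
    if env.get(CONSENT_VAR) != "1":
        reasons.append(f"{CONSENT_VAR}=1 not set; off-platform transmission not acknowledged")

    normalized = _normalize(image_path)
    suffix = os.path.splitext(normalized)[1]
    if suffix not in ALLOWED_SUFFIXES:
        reasons.append(f"unexpected file type {suffix!r}")

    # Look at the directories the image sits in, not the file name itself.
    hits = [part for part in normalized.split("/")[:-1] if part in SENSITIVE_DIR_HINTS]
    if hits:
        reasons.append(f"image lives under a sensitive directory: {hits}")

    for pat in SECRET_PATTERNS:
        if pat.search(prompt):
            reasons.append(f"prompt contains credential-shaped text matching /{pat.pattern}/")
            break

    return Decision(allowed=not reasons, reasons=reasons)


def redact_prompt(prompt: str) -> str:
    """Replace credential-shaped substrings so a prompt can be sent without its secrets."""
    for pat in SECRET_PATTERNS:
        prompt = pat.sub("[REDACTED]", prompt)
    return prompt


def describe_image(image_path: str, prompt: str, env: dict, send):
    """Gate the real API call.

    `send(image_path, prompt)` is whatever performs the Zhipu request; it is injected
    so this example does not assume any zai-sdk function names or signatures.
    """
    decision = preflight(image_path, prompt, env)
    if not decision.allowed:
        return {"sent": False, "reasons": decision.reasons}
    return {"sent": True, "response": send(image_path, prompt)}


if __name__ == "__main__":
    # Constructed sample: a fake transport that never touches the network.
    fake_send = lambda path, text: f"caption for {path}"
    env = {"ZHIPU_API_KEY": "placeholder", CONSENT_VAR: "1"}
    print(describe_image("/tmp/chart.png", "What does this chart show?", env, fake_send))
    print(describe_image("/home/u/.ssh/keys.png", "read this", env, fake_send))
    print(describe_image("/tmp/chart.png", "ZHIPU_API_KEY=sk-0123456789abcdef", env, fake_send))
```

The point of separating `preflight` from the transport is that the consent and classification checks can be unit-tested and audited without network access, and an integrator who embeds the skill can surface `Decision.reasons` to the user as the disclosure the finding says is missing.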

VirusTotal

65/65 vendors flagged this skill as clean. A clean antivirus result speaks only to known-malicious file content; it does not address the data-handling findings above.
