Z.AI Web Search

Pass. Audited by ClawScan on May 10, 2026.

Overview

This appears to be a straightforward Z.AI web search skill, but searches, URLs, and the ZAI_API_KEY are used with external network services.

This skill is reasonable to install if you want Z.AI-backed web search. Before using it, set a dedicated ZAI_API_KEY, avoid sensitive search queries, treat returned web text as untrusted information, and only extract pages or URLs you intentionally want the agent to read.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A malicious or low-quality search result could include text that tries to influence the agent if the agent treats search output as instructions instead of data.

Why it was flagged

The skill prints external web-result summaries into the agent context. That is expected for a search tool, but the text is untrusted web content and could contain prompt-injection-style instructions.

Skill content

const content = String(r?.content ?? "").trim(); ... console.log(`  ${content.slice(0, 400)}${content.length > 400 ? "..." : ""}`);

Recommendation

Treat search results and extracted page text as untrusted evidence. Do not follow instructions found in web pages unless they are independently verified and aligned with the user request.

What this means

If directed at private, local, or internal URLs, the tool could retrieve content that the user did not intend to place into the agent context.

Why it was flagged

The extraction helper fetches arbitrary URLs supplied as arguments. This is purpose-aligned, but it is not restricted to public web URLs by the artifact.

Skill content

const urls = args.filter(a => !a.startsWith("-")); ... const resp = await fetch(url, {

Recommendation

Use the extract command only for intended public or trusted URLs, and avoid localhost, private-network, cloud-metadata, or authenticated URLs unless you explicitly want that content read.

What this means

The key may allow API usage under the user's Z.AI account, including any associated billing or quota impact.

Why it was flagged

The script reads a Z.AI API key from the environment and sends it as a Bearer credential to the Z.AI API. This matches the declared setup and purpose.

Skill content

const apiKey = (process.env.ZAI_API_KEY ?? process.env.Z_AI_API_KEY ?? "").trim(); ... "Authorization": `Bearer ${apiKey}`

Recommendation

Use a dedicated API key with the minimum needed scope if available, keep it out of logs and shared shells, and rotate it if it may have been exposed.

What this means

Sensitive search terms could be shared with Z.AI as part of normal operation.

Why it was flagged

Search queries, domain filters, and recency filters are sent to the external Z.AI provider endpoint. This is disclosed and central to the skill's function.

Skill content

search_query: query, ... fetch("https://api.z.ai/api/paas/v4/web_search", { ... body: JSON.stringify(body)

Recommendation

Avoid entering confidential, regulated, or secret information in search queries unless sharing it with the provider is acceptable.