Skill for searching images and boards in the Zizo library (https://zizo.pro).

Pass. Audited by ClawScan on May 1, 2026.

Overview

The skill appears to do what it claims—search Zizo images and boards—but it requires a Zizo API token and sends search requests to the configured Zizo server.

This skill is reasonable to install if you trust Zizo and need image/board search. Keep ZIZO_TOKEN private, use the default/trusted HTTPS server unless you intentionally configure another one, and use public scope unless you mean to search private or all accessible content.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may run the documented local Zizo CLI commands when asked to search images or boards.

Why it was flagged

The skill asks the agent to use Bash to run a local Node command. This is the disclosed mechanism for performing searches, but users should notice that the workflow relies on command execution.

Skill content
tools: Bash ... node dist/index.js search images "$QUERY" --limit ${LIMIT:-10} --scope ${SCOPE:-public}
Recommendation

Keep usage limited to the documented node dist/index.js search/config/version commands and review any unexpected shell commands.

What this means

Package/bin invocation may not work as expected unless the documented dist/index.js path is used.

Why it was flagged

The package metadata points to ./index.js, while the provided file manifest contains dist/index.js and SKILL.md instructs use of dist/index.js. This is an entrypoint/provenance inconsistency, not evidence of hidden behavior.

Skill content
"main": "index.js", "bin": { "zizo": "./index.js" }
Recommendation

The publisher should align package metadata with the bundled files and declare Node/token requirements; users should install only from a trusted source.
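To catch this kind of entrypoint mismatch before installing, the following added example (not ClawScan's or the skill's own code) compares the entrypoints declared in package.json against the bundle's file manifest. The main and bin fields are the ones quoted above; the version field and the manifest are constructed to mirror the finding, and a real run would read package.json and list the archive from disk instead.

```javascript
// Added example, not part of the skill or ClawScan: verify that every
// entrypoint package.json declares actually exists in the bundled files.

// Constructed package.json; main and bin match the quoted skill content,
// the version is an assumption.
const packageJson = {
  name: "zizo",
  version: "0.0.0",
  main: "index.js",
  bin: { zizo: "./index.js" },
};

// Constructed file manifest: what the published archive contains.
const manifest = ["SKILL.md", "package.json", "dist/index.js"];

// Normalise a declared path ("./index.js" -> "index.js") so it can be
// compared with manifest entries.
function normalizeEntry(p) {
  return p.replace(/^\.\//, "").replace(/\\/g, "/");
}

// Collect every entrypoint the package declares: "main" plus each "bin" command.
// bin may be a single string or an object of command -> path.
function declaredEntrypoints(pkg) {
  const entries = [];
  if (typeof pkg.main === "string") {
    entries.push({ field: "main", path: normalizeEntry(pkg.main) });
  }
  if (typeof pkg.bin === "string") {
    entries.push({ field: "bin", path: normalizeEntry(pkg.bin) });
  } else if (pkg.bin && typeof pkg.bin === "object") {
    for (const [cmd, p] of Object.entries(pkg.bin)) {
      entries.push({ field: `bin.${cmd}`, path: normalizeEntry(p) });
    }
  }
  return entries;
}

// Report declared entrypoints missing from the manifest, and bundled .js
// files that no main/bin field points at (the dist/index.js case here).
function checkEntrypoints(pkg, files) {
  const present = new Set(files.map(normalizeEntry));
  const declared = declaredEntrypoints(pkg);
  const missing = declared.filter((e) => !present.has(e.path));
  const referenced = new Set(declared.map((e) => e.path));
  const unreferenced = [...present].filter(
    (f) => f.endsWith(".js") && !referenced.has(f),
  );
  return { missing, unreferenced };
}

const result = checkEntrypoints(packageJson, manifest);
for (const m of result.missing) {
  console.log(`package.json ${m.field} -> ${m.path}: not in bundle`);
}
for (const f of result.unreferenced) {
  console.log(`bundled ${f} is not referenced by main or bin`);
}
```

Either list being non-empty is the provenance signal the finding describes; once the publisher points main and bin at dist/index.js, both lists are empty.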

What this means

Anyone who obtains the token can use whatever Zizo access that token grants.

Why it was flagged

The CLI reads a Zizo token from the environment and sends it as a bearer token to authorize searches. This matches the skill purpose, although the registry metadata under-declares the credential requirement.

Skill content
token: process.env.ZIZO_TOKEN || DEFAULT_CONFIG.token ... 'Authorization': `Bearer ${config.token}`
Recommendation

Use a token intended only for Zizo, keep it out of logs and shared shells, and rotate or revoke it if exposed.

What this means

Your search terms, selected scope, and authorization token are shared with the configured Zizo server.

Why it was flagged

Search queries and parameters are sent to an HTTPS MCP endpoint. The default is zizo.pro, but ZIZO_SERVER can change the destination.

Skill content
const url = new URL(`${config.server}/mcp`); ... callMCP('tools/call', { name: 'search_images_by_text', arguments: { query: args.query, limit: args.limit, scope: args.scope } })
Recommendation

Leave ZIZO_SERVER set to the trusted default unless intentionally using another server, and avoid sensitive queries if you do not want them sent to that service.
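The token finding and the server finding above share one root cause: the bearer token is sent to whatever ZIZO_SERVER points at. The following added example (not the skill's own code) shows how a client could gate the request on its destination before the Authorization header is attached, and how to keep the token out of logs. The default server, the /mcp path, the tool name and its arguments come from the quoted skill content; the host allowlist, the accepted scopes (public, private and all, as implied by the overview), the JSON-RPC envelope and the redactToken helper are assumptions for illustration.

```javascript
// Added example, not the skill's own code: validate the destination before a
// ZIZO_TOKEN bearer request is built, and redact the token for any logging.

const DEFAULT_SERVER = "https://zizo.pro";   // default named in the finding
const ALLOWED_HOSTS = new Set(["zizo.pro"]); // assumption: hosts trusted with the token
const ALLOWED_SCOPES = new Set(["public", "private", "all"]); // assumption, per the overview

// Mirror the skill's precedence (environment first, default second), but read
// from an explicit env object so the example runs offline and is testable.
function resolveConfig(env) {
  return {
    server: env.ZIZO_SERVER || DEFAULT_SERVER,
    token: env.ZIZO_TOKEN || "",
  };
}

// Return the /mcp endpoint for an acceptable server, otherwise throw.
// Rejects unparseable values, non-HTTPS schemes, embedded credentials and
// hosts outside the allowlist (so a lookalike such as zizo.pro.evil.example fails).
function validateServer(server) {
  let url;
  try {
    url = new URL(server);
  } catch {
    throw new Error("ZIZO_SERVER is not a valid URL");
  }
  if (url.protocol !== "https:") {
    throw new Error(`refusing to send a bearer token over ${url.protocol.slice(0, -1)}`);
  }
  if (url.username || url.password) {
    throw new Error("ZIZO_SERVER must not embed credentials");
  }
  if (!ALLOWED_HOSTS.has(url.hostname)) {
    throw new Error(`host ${url.hostname} is not on the allowlist`);
  }
  // Same shape as the skill's `${config.server}/mcp`, tolerating a trailing slash.
  return new URL(`${url.href.replace(/\/+$/, "")}/mcp`);
}

// Build (but do not send) the search_images_by_text call. The JSON-RPC
// envelope is an assumption about how callMCP frames tools/call.
function buildSearchRequest(config, query, limit = 10, scope = "public") {
  if (!config.token) throw new Error("ZIZO_TOKEN is not set");
  if (!ALLOWED_SCOPES.has(scope)) throw new Error(`unknown scope ${scope}`);
  const endpoint = validateServer(config.server);
  return {
    url: endpoint.toString(),
    headers: {
      Authorization: `Bearer ${config.token}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      jsonrpc: "2.0",
      id: 1,
      method: "tools/call",
      params: {
        name: "search_images_by_text",
        arguments: { query, limit, scope },
      },
    }),
  };
}

// Keep a short prefix for correlation; never log the full token.
function redactToken(token) {
  return token.length > 8 ? `${token.slice(0, 4)}...***` : "***";
}

// Constructed environment for the demonstration; a real run would use process.env.
const demoEnv = { ZIZO_TOKEN: "constructed-token-0123456789" };
const request = buildSearchRequest(resolveConfig(demoEnv), "sunset over harbour", 5, "public");
console.log(request.url, "Authorization:", `Bearer ${redactToken(demoEnv.ZIZO_TOKEN)}`);

// A redirected server is rejected before any token leaves the process.
for (const server of ["http://zizo.pro", "https://zizo.pro.evil.example"]) {
  try {
    buildSearchRequest(resolveConfig({ ...demoEnv, ZIZO_SERVER: server }), "sunset");
  } catch (err) {
    console.log(`${server}: ${err.message}`);
  }
}
```

The order of checks matters: the token and scope are validated, then the server, and only then is the Authorization header constructed, so a misconfigured ZIZO_SERVER never sees the credential. The allowlist is the part a user of this skill would tune; the default alone is not a guarantee, because the environment variable overrides it silently.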