ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

BigModel Web Search Fallback

Use Zhipu / BigModel web search as a non-invasive fallback when the built-in web_search route is unavailable, failing, or the user explicitly wants 智谱 / BigM...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 37 · 0 current installs · 0 all-time installs
by@gxhdky2345
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description align with the included Python wrapper and the BigModel (open.bigmodel.cn) endpoints it calls. Requiring a BigModel API key is expected for this functionality. However, the registry metadata declares no required environment variables or primary credential while the SKILL.md and script clearly require one of ZAI_API_KEY, ZHIPUAI_API_KEY, or BIGMODEL_API_KEY — an inconsistency between claimed requirements and actual behavior.
!
Instruction Scope
The SKILL.md and the script instruct the agent to call BigModel web_search and chat/completions endpoints and to read API key environment variables. The instructions do not attempt to read unrelated files or credentials, but they do rely on environment variables that are not listed in the skill metadata. The script also accepts optional user_id/request_id values that could be used to correlate requests; the doc does not explain privacy impacts of these fields.
Install Mechanism
There is no install spec and this is instruction-only plus a small local Python script; nothing is downloaded or written to the host by an installer. This is the lowest-risk install pattern.
!
Credentials
The skill requires a single service credential (one of three API key env vars) which is proportional to the task, but the metadata fails to declare these required environment variables or a primary credential — meaning an agent or user might not be warned up-front about credential usage. The script sends the provided key as a Bearer token to open.bigmodel.cn (expected), so make sure you trust that endpoint and do not expose broader host credentials.
Persistence & Privilege
always:false and disable-model-invocation:false (normal). The skill does not request permanent presence or attempt to modify other skills or system configurations.
What to consider before installing
This skill appears to do what it says (call Zhipu/BigModel web search), but the package metadata does not list the API key environment variables that the script requires. Before installing: (1) confirm you trust the unknown source/homepage; (2) only provide a dedicated BigModel API key (not shared or overly privileged credentials) and scope it if possible; (3) expect the script to send that key to https://open.bigmodel.cn/api — review whether that endpoint is acceptable for your environment; (4) review or run the included script in a sandbox to verify behavior; (5) ask the publisher to update registry metadata to declare required env vars (ZAI_API_KEY / ZHIPUAI_API_KEY / BIGMODEL_API_KEY) and to include provenance information. If you cannot verify the author or do not want to expose an API key, do not install.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk972g07h1y8e4kywv2z0dcn8ys8387d1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

BigModel Web Search Fallback

Use this skill when you want Zhipu search without modifying OpenClaw core.

It provides a local wrapper script with two execution modes:

  • raw — call Zhipu Web Search API directly and get structured results
  • chat — call Zhipu chat completions with the built-in web_search tool and get a synthesized answer

Requirements

Make sure the OpenClaw host has one of these environment variables set:

  • ZAI_API_KEY
  • ZHIPUAI_API_KEY
  • BIGMODEL_API_KEY

If none is present, stop and report missing auth instead of retrying blindly.

Engine selection

This skill supports four Zhipu search engines:

  • search_std — default, lowest-cost/basic search
  • search_pro — stronger general search quality
  • search_pro_sogou — 搜狗-backed route
  • search_pro_quark — 夸克-backed route

Default to search_std unless the user asks for:

  • better search quality
  • broader retrieval coverage
  • a specific upstream engine
  • result comparison across engines

When the user explicitly names an engine, honor it.

Quick decision

  • Use raw when you want structured results such as title/link/summary/media/date and you will write the final answer yourself.
  • Use chat when you want GLM to search and summarize in one call.
  • Use search_std first for routine lookups.
  • Switch to search_pro when quality matters more than cost.
  • Switch to search_pro_sogou or search_pro_quark when the user wants to test or compare engines.

Commands

Run commands from the skill directory or use absolute paths.

Raw structured search

python scripts/zhipu_web_search.py raw --query "OpenClaw 是什么" --engine search_std --count 5 --pretty

Search + answer synthesis

python scripts/zhipu_web_search.py chat --query "请简要说明 OpenClaw 是什么,并给出搜索来源。" --engine search_std --count 5 --pretty

Higher-quality search

python scripts/zhipu_web_search.py raw --query "今天的 AI 新闻" --engine search_pro --count 5 --pretty

Explicit engine comparison

python scripts/zhipu_web_search.py raw --query "OpenClaw 是什么" --engine search_pro_sogou --count 5 --pretty
python scripts/zhipu_web_search.py raw --query "OpenClaw 是什么" --engine search_pro_quark --count 5 --pretty

Workflow

  1. Decide whether the task needs raw results or a chat-generated answer.
  2. Pick the engine:
    • default search_std
    • search_pro for better quality
    • search_pro_sogou / search_pro_quark for explicit engine routing or comparison
  3. Run the wrapper script.
  4. If using raw, summarize the returned results yourself and cite the best links.
  5. If using chat, still sanity-check the answer before sending it.
  6. If the user asks how this relates to built-in web_search, explain that this is a non-invasive fallback and does not replace OpenClaw core tooling.

Notes

  • The script prints JSON to stdout for easy parsing.
  • Supported flags include --domain-filter, --recency, --content-size, --count, and --engine.
  • Read references/api-notes.md if you need API details, engine guidance, or more examples.

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…