Zhipu Embeddings

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a disclosed Zhipu API integration; the main risk is that user queries are sent to an external provider. Note that the code excerpt flagged below under External Transmission calls the chat/completions endpoint on open.bigmodel.cn rather than an embeddings endpoint, so check which endpoint the skill actually calls before relying on its name.

Install only if you are comfortable sending the queries you use with this skill to Zhipu/BigModel under your own API key. Do not use it for passwords, secrets, personal data, confidential business material, or regulated content unless your policy allows that provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
84%
Finding
The trigger phrases are broad enough to match ordinary requests like 'look up' or 'find information about,' which can cause the skill to activate for general prompts and send user queries to a third-party service unnecessarily. In this context, that increases privacy and data-handling risk because activation results in external transmission to Zhipu, potentially exposing sensitive user input when a local answer would suffice.

Vague Triggers

Medium
Confidence
92%
Finding
The trigger examples are broad enough to overlap with ordinary user requests such as asking to 'look up' or 'find information about' something. That can cause unintended activation of this skill and unnecessary transmission of user prompts to an external provider, increasing privacy and data-handling risk.

Missing User Warnings

Medium
Confidence
95%
Finding
The script transmits arbitrary user-supplied text to a third-party embedding service along with an authentication credential, but provides no user-visible notice, consent flow, or data-classification checks. In a skill framed as handling 'web/current information,' this is more dangerous because users may not realize their raw input is being sent off-platform to an external provider.
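The two Vague Triggers findings and the Missing User Warnings finding describe checks that the host can run locally before any text is handed to the provider: scope the trigger phrases so ordinary prompts stay local, classify the input, and require consent before transmission. The Python below is an added example that is not code from the Zhipu Embeddings skill, from SkillSpector or from Zhipu. The trigger lists, sample prompts, the GateDecision type and the sensitive-content regexes are constructed for illustration and are assumptions, not a complete classifier; the `gate` function does no network I/O and only decides whether, and with what payload, a request would be allowed to leave the machine.

```python
"""Added example (not code from the Zhipu Embeddings skill or SkillSpector):
a local gate a host runs before handing a prompt to an external provider.

It puts the findings above into code:
  1. trigger scoping: broad phrases such as "look up" fire on ordinary
     prompts, while phrases that name the provider or the task do not;
  2. a data-classification and consent check that runs before any text
     leaves the machine, with optional redaction.
Trigger lists, sample prompts and regexes are constructed assumptions.
"""
import re
from dataclasses import dataclass, field

# Broad triggers mirror the phrases the scanner objects to; narrow ones
# require the provider or the embedding task to be named explicitly.
BROAD_TRIGGERS = ("look up", "find information about", "search for")
NARROW_TRIGGERS = ("zhipu", "bigmodel", "embed this", "embedding for")

# Assumed patterns for content that must not be sent off-host unredacted.
SENSITIVE_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "bearer_token": re.compile(r"\bBearer\s+[A-Za-z0-9._\-]{20,}", re.IGNORECASE),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "password": re.compile(r"\b(?:password|passwd|pwd)\s*[:=]\s*\S+", re.IGNORECASE),
}

# Constructed prompts, labelled with whether the user actually wanted the
# Zhipu skill. This is the ground truth for measuring trigger quality.
SAMPLE_PROMPTS = [
    ("look up the capital of Peru", False),
    ("find information about our Q3 numbers, password: hunter2", False),
    ("can you look up my dentist appointment", False),
    ("use zhipu to embed this paragraph about lighthouses", True),
    ("get an embedding for: contact me at alice@example.com", True),
]


def matches_trigger(prompt: str, triggers) -> bool:
    """Case-insensitive substring match, the way simple skill routers work."""
    text = prompt.lower()
    return any(t in text for t in triggers)


def activation_report(prompts, triggers) -> dict:
    """Count unintended activations (skill fires on a prompt not meant for it)
    and misses (prompt meant for the skill but no trigger fires)."""
    unintended = sum(1 for p, wanted in prompts if not wanted and matches_trigger(p, triggers))
    missed = sum(1 for p, wanted in prompts if wanted and not matches_trigger(p, triggers))
    return {"unintended": unintended, "missed": missed}


def classify(text: str) -> list:
    """Names of the sensitive-content classes found in the text."""
    return [name for name, rx in SENSITIVE_PATTERNS.items() if rx.search(text)]


def redact(text: str) -> str:
    """Replace every sensitive match with a labelled placeholder."""
    out = text
    for name, rx in SENSITIVE_PATTERNS.items():
        out = rx.sub(f"[REDACTED:{name}]", out)
    return out


@dataclass
class GateDecision:
    dispatch: bool          # True only if the prompt may leave the host
    reason: str
    findings: list = field(default_factory=list)
    payload: str = ""       # text that would be sent, after any redaction


def gate(prompt: str, *, triggers=NARROW_TRIGGERS, user_consented: bool,
         allow_redacted: bool = False) -> GateDecision:
    """Decide whether a prompt may be sent to the external provider.

    Order matters: the trigger check keeps unrelated prompts local, the
    classification check blocks (or redacts) sensitive input, and consent
    is required for everything that is about to be transmitted.
    """
    if not matches_trigger(prompt, triggers):
        return GateDecision(False, "no trigger match")
    findings = classify(prompt)
    if findings and not allow_redacted:
        return GateDecision(False, "sensitive content", findings)
    if not user_consented:
        return GateDecision(False, "consent required", findings)
    return GateDecision(True, "ok", findings, redact(prompt) if findings else prompt)


if __name__ == "__main__":
    print("broad :", activation_report(SAMPLE_PROMPTS, BROAD_TRIGGERS))
    print("narrow:", activation_report(SAMPLE_PROMPTS, NARROW_TRIGGERS))
    for p, _ in SAMPLE_PROMPTS:
        print(gate(p, user_consented=True, allow_redacted=True))
```

On the constructed corpus the broad trigger set fires on all three unrelated prompts and misses both prompts that actually name the task, while the narrow set does neither; that is the measurement behind the "overly broad trigger" finding. The gate refuses by default when it sees sensitive content and only sends a redacted payload when the caller opts in, which is the consent flow the third finding says the skill lacks.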

External Transmission

Medium
Category
Data Exfiltration
Confidence
88%
Content
```bash
export ZHIPU_API_KEY="your_key"

curl -s -X POST "https://open.bigmodel.cn/api/paas/v4/chat/completions" \
  -H "Authorization: Bearer $ZHIPU_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Finding
The excerpt (cut off in the report at the start of the JSON body) POSTs to open.bigmodel.cn with ZHIPU_API_KEY as a bearer token, so both the request body and the credential leave the host.

VirusTotal

65/65 vendors reported this skill as clean. A clean VirusTotal result covers malware signatures only; it says nothing about the data-handling findings above, which concern how the skill behaves rather than what it contains.