Zhipu Embeddings
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a small Zhipu API wrapper, but it needs a Zhipu API key, sends your input to Zhipu, and has some documentation/metadata inconsistencies.
Before installing, confirm you trust the publisher and Zhipu with the text you submit. Set ZHIPU_API_KEY only in a trusted environment, avoid sensitive inputs, and verify the skill's behavior because the documentation mixes web search/current-news wording with a script that appears to generate embeddings.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may make outbound API requests when using this skill.
The skill permits shell-based curl and jq usage. That is central to calling the Zhipu API, but it is still network-capable command execution that users should notice.
allowed-tools: Bash(curl:*) Bash(jq:*)
Use it only when you intend to call Zhipu, and verify requests stay limited to the documented Zhipu endpoints.
Anyone who can read or misuse the API key may be able to use your Zhipu account quota or permissions.
The script uses a Zhipu API key as a bearer token. This is expected for this provider integration, but it gives access to the user's Zhipu account/API quota.
KEY="$ZHIPU_API_KEY" ... -H "Authorization: Bearer $KEY"
Use a minimally scoped key if available, keep it out of shared environments, and rotate it if exposed.
Text you ask to embed may leave your machine and be processed by Zhipu.
The user-supplied text is sent to the external Zhipu embeddings API over HTTPS. The destination is disclosed and purpose-aligned, but it creates an external data boundary.
TEXT="$1" ... "https://open.bigmodel.cn/api/paas/v4/embeddings" ... -d "$PAYLOAD"
Avoid sending sensitive, private, or regulated content unless you trust Zhipu's handling of that data.
You may expect live web-search answers, but the included script appears to return embeddings instead.
The documentation frames the skill as useful for latest/current information and references an embeddings.sh script, while the provided runnable script is skill/scripts/search.sh and calls the embeddings endpoint. This looks like a documentation/capability mismatch rather than hidden malicious behavior.
Use when user asks for web embeddings, latest news, or needs current information. ... ./embeddings.sh "搜索内容"
Verify the actual output and endpoint before relying on it for current news or factual web search.