Zhipu Embeddings

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: zhipu-embeddings-v2
Version: 1.0.0

The skill bundle is designed to interact with the Zhipu embeddings API. It implements several security best practices, including using `jq` for safe JSON escaping of user input (preventing injection), enforcing HTTPS with TLS 1.2 for network communication to a legitimate API endpoint (`open.bigmodel.cn`), and providing explicit warnings in `SKILL.md` regarding API key visibility in process lists and safe handling. The `search.sh` script correctly validates input length and handles API errors. There is no evidence of malicious intent, data exfiltration, persistence mechanisms, or prompt injection attempts against the agent.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may make outbound API requests when using this skill.

Why it was flagged

The skill permits shell-based curl and jq usage. That is central to calling the Zhipu API, but it is still network-capable command execution that users should notice.

Skill content

allowed-tools: Bash(curl:*) Bash(jq:*)

Recommendation

Use it only when you intend to call Zhipu, and verify requests stay limited to the documented Zhipu endpoints.

What this means

Anyone who can read or misuse the API key may be able to use your Zhipu account quota or permissions.

Why it was flagged

The script uses a Zhipu API key as a bearer token. This is expected for this provider integration, but it gives access to the user's Zhipu account/API quota.

Skill content

KEY="$ZHIPU_API_KEY" ... -H "Authorization: Bearer $KEY"

Recommendation

Use a minimally scoped key if available, keep it out of shared environments, and rotate it if exposed.

What this means

Text you ask to embed may leave your machine and be processed by Zhipu.

Why it was flagged

The user-supplied text is sent to the external Zhipu embeddings API over HTTPS. The destination is disclosed and purpose-aligned, but it creates an external data boundary.

Skill content

TEXT="$1" ... "https://open.bigmodel.cn/api/paas/v4/embeddings" ... -d "$PAYLOAD"

Recommendation

Avoid sending sensitive, private, or regulated content unless you trust Zhipu's handling of that data.

What this means

You may expect live web-search answers, but the included script appears to return embeddings instead.

Why it was flagged

The documentation frames the skill as useful for latest/current information and references an embeddings.sh script, while the provided runnable script is skill/scripts/search.sh and calls the embeddings endpoint. This looks like a documentation/capability mismatch rather than hidden malicious behavior.

Skill content

Use when user asks for web embeddings, latest news, or needs current information. ... ./embeddings.sh "搜索内容"

Recommendation

Verify the actual output and endpoint before relying on it for current news or factual web search.