Zhipu Search

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it sends user search queries to Zhipu's web search API using a declared API key, with no hidden persistence or unrelated access found.

Install only if you trust Zhipu with the search terms you submit. Use a limited-scope API key, avoid shared machines or shell startup files for long-lived secrets, and do not send confidential prompts, credentials, personal data, or internal business content as search queries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
81% confidence
Finding
The skill's trigger guidance is very broad (`search for`, `look up`, `latest news`) and lacks exclusion boundaries, which can cause over-selection for many generic user requests. In an agent environment, that increases the chance of unnecessary external calls and transmission of user queries to a third-party service when a local answer or different skill would have been more appropriate.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
export ZHIPU_API_KEY="your_key"

curl -s -X POST "https://open.bigmodel.cn/api/paas/v4/chat/completions" \
  -H "Authorization: Bearer $ZHIPU_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
91% confidence
Finding
```bash
curl -s -X POST "https://open.bigmodel.cn/api/paas/v4/chat/completions" \
  -H "Authorization: Bearer $ZHIPU_API_KEY" \
  -H "Content-Type: application/json" \
  -d
```

VirusTotal

65/65 vendors flagged this skill as clean.
