Zhipu Search

This skill bundle is benign. The `SKILL.md` documentation clearly outlines its purpose and explicitly addresses security best practices, such as not sourcing shell configuration files and using environment variables for API keys. The core script `skill/scripts/search.sh` implements robust security measures, including proper input validation (query length limit) and critical JSON escaping using `jq -n --arg` to prevent injection vulnerabilities. It exclusively interacts with the official Zhipu API endpoint (`https://open.bigmodel.cn`) over HTTPS with TLS 1.2, and there is no evidence of data exfiltration, persistence mechanisms, or other malicious behaviors.