Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Zhipu GLM Image

v1.0.1

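Zhipu GLM-Image web-based image generation and download. Used for: checking the image.z.ai login state, automatically opening the browser to log in when necessary, capturing browser cookies, generating images through the web interface, and downloading them locally. Suitable for scenarios such as "generate an image with Zhipu", "generate an image and save/send it", "check the Zhipu login status", and "automatically open the Zhipu login page".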

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
The name/description match the implementation: the scripts capture browser cookies, check/refresh a login session, call image.z.ai web endpoints using those cookies, and download images. Capturing cookies and opening the site's login page are necessary for the 'web-login-state' approach the skill documents.
Instruction Scope
SKILL.md and the scripts clearly instruct the agent to: use Chrome DevTools Protocol on port 18800 to read cookies, open the site login page if needed, and POST to image.z.ai proxy endpoints. The documentation mentions the remote-debugging dependency and npm install, but does not include step-by-step instructions for securely launching a browser with remote debugging enabled (or for non-Windows platforms). The code is Windows-oriented (uses process.env.USERPROFILE and cmd.exe 'start'), which is stated in places but may not be obvious to all users.
Install Mechanism
There is no automated install spec — the repo includes package.json and asks the user to run npm install in scripts/. The only dependency is chrome-remote-interface from the public npm registry, which is reasonable for using CDP.
Credentials
No environment variables or external credentials are requested, which matches the described cookie-based approach. However, the script reads browser cookies via CDP, filters them by domains (z.ai, bigmodel.cn, chatglm), and writes those cookies unencrypted to a session file in the user's home directory (%USERPROFILE%\.zhipu_image_session.json). Accessing and persisting cookies is sensitive — expected for the stated purpose, but high-risk if you don't trust the code or if other domains are accidentally matched.
Persistence & Privilege
The skill does not request permanent platform privileges (always: false). It does write a local session file and can autonomously open the browser and capture cookies when invoked. If the agent is allowed to invoke skills autonomously, this behavior increases blast radius because the skill can launch the browser and attempt to capture session cookies while running.
Assessment
This skill appears to do what it claims, but it captures live browser cookies and saves them unencrypted to disk and requires exposing your browser's remote-debugging port. Only install/run it if you trust the source. Before running: (1) review the scripts (zhipu_api.js) yourself to confirm no unexpected network endpoints or exfiltration, (2) enable remote debugging only on an isolated browser profile or in a disposable VM/container, (3) be aware the tool saves cookies to %USERPROFILE%\.zhipu_image_session.json — delete that file when you're done, (4) run npm install inside the scripts/ directory and inspect the installed dependency (chrome-remote-interface), and (5) if you are not on Windows or cannot/should not expose remote debugging, do not run it. If you want extra assurance, run the tool in a throwaway Windows VM or container and monitor network traffic while using it.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/zhipu_api.js:118: Shell command execution detected (child_process).

Like a lobster shell, security has layers — review code before you run it.
