Zhipu GLM Image

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it handles browser login cookies and request logging in ways that users should review carefully before installing.

Review before installing. Use a dedicated browser profile if possible, avoid running network_monitor.js while browsing anything unrelated, and treat %USERPROFILE%\.zhipu_image_session.json like a password. Delete that file when you no longer need the skill or if you are concerned the session was exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
This script attaches to a Chrome DevTools Protocol endpoint and monitors network traffic, then selectively logs requests to domains and paths associated with the target service. It also prints POST bodies, which can contain prompts, session-linked identifiers, API parameters, and other sensitive data; in the stated skill context of checking login state and generating images, this broad traffic-inspection capability exceeds what is necessary and materially increases the risk of credential or data exposure.

Missing User Warnings

Medium
Confidence: 95%
Finding
The description says the skill can '抓取浏览器 Cookie' ("capture browser cookies") and reuse login state, but it does not present a prominent warning about collecting and persisting session credentials from an existing browser session. This is dangerous because users may invoke the skill without realizing it accesses authentication material that could enable account actions or session theft if mishandled.

Missing User Warnings

Low
Confidence: 84%
Finding
The preparation flow automatically opens a browser login page and writes generated files to local storage, but the documentation does not clearly frame these as side effects requiring user awareness. Even if lower severity, undisclosed browser automation and filesystem writes can surprise users, create privacy concerns, and cause unsafe assumptions about what the skill will do on their machine.

Missing User Warnings

Medium
Confidence: 97%
Finding
The code logs captured request bodies directly to the console without warning or consent, and attempts to parse and print structured POST data. In a browser-authenticated workflow involving login state and image generation, request bodies may contain sensitive prompts, tokens, account metadata, or other private user content, so exposing them in logs creates a clear confidentiality risk.

Missing User Warnings

Medium
Confidence: 97%
Finding
The script persists harvested browser session cookies to `%USERPROFILE%/.zhipu_image_session.json` in plaintext, without encryption, permission hardening, or prominent user disclosure. Those cookies can authenticate API requests; if another local process, user, or malware reads the file, it may hijack the victim's session and act as them on the service.

Ssd 3

High
Confidence: 97%
Finding
The skill is explicitly designed to capture and reuse an existing browser login session and cookies to act on the user's behalf through the website. This is dangerous because session tokens are equivalent to account access; if exposed, over-retained, or reused outside user intent, they can enable unauthorized actions and account compromise.

Ssd 3

High
Confidence: 96%
Finding
The setup instructions direct the skill to obtain current browser login state and persist session data locally in a user directory. Persisting reusable session state on disk materially increases the attack surface: local compromise, accidental disclosure, or improper file permissions could grant others access to the user's authenticated session.

VirusTotal

66/66 vendors flagged this skill as clean.