ClawHub

image-understanding

v0.0.4

智谱 GLM-4.6V 多模态视觉模型集成插件。支持 128K 长上下文、文档解析、视频理解与原生工具调用。具备工业级安全审计指引。

0· 516·8 current·8 all-time
by@isabellazhangym
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (GLM-4.6V multimodal image understanding) align with the declared requirements: an API key for ZhipuAI and the zhipuai Python SDK. Requiring ZHIPUAI_API_KEY and the zhipuai package is proportionate for this integration.
Instruction Scope
SKILL.md contains usage examples that only send image data and text to the GLM model and recommends credential handling and data redaction. It does not instruct reading unrelated system files, other env vars, or transmitting data to unexpected endpoints; external endpoints referenced are the documented bigmodel.cn resources.
Install Mechanism
The registry bundle has no formal install spec, but SKILL.md recommends 'pip install zhipuai' and lists zhipuai>=2.1.0. Installing the SDK via pip is expected for this skill but carries normal supply-chain risk (package install scripts). Verify the package source and pin versions before installing.
Credentials
Only one environment credential is required (ZHIPUAI_API_KEY), which is appropriate for a hosted-model integration. No unrelated credentials or config paths are requested.
Persistence & Privilege
Skill is instruction-only, always:false, and does not request persistent system-wide privileges or modifications to other skills; autonomous invocation is allowed (platform default) but not elevated by the skill.
Assessment
This skill appears coherent for integrating ZhipuAI's GLM-4.6V model, but take normal precautions: only provide a ZHIPUAI_API_KEY you trust and avoid pasting it into chats; run initial tests in a sandbox; redact or mask sensitive parts of images before sending; verify the 'zhipuai' Python package on PyPI (watch for typosquatting), pin a specific version (e.g., zhipuai==2.1.x), and review its release/source repository. If you cannot verify the SDK or you handle highly sensitive images, consider using an alternative workflow or isolated environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk977yn3xxxj1m7r7bhwjmermx1824wsp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments