Skill v0.0.5

ClawScan security

visual-understanding · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Mar 4, 2026, 11:04 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's runtime instructions legitimately implement a GLM-4.6V visual connector, but the published metadata omits required environment and dependency declarations and the SKILL.md asks you to send local images (base64) to an external API and to pip-install an external package — these mismatches and supply-chain/privacy implications deserve caution before installing or providing credentials.
Guidance
Before installing or using this skill:
(1) Confirm the publisher/source (the registry metadata omits required vars/deps that SKILL.md requires). Verify the project's repo and release artifacts at the listed homepage.
(2) Inspect the 'zai' Python package (PyPI/GitHub) and review its code or provenance before pip installing — unvetted packages are a supply-chain risk.
(3) Understand privacy impact: local images will be base64-encoded and uploaded to open.bigmodel.cn; do not send PII/confidential images unless you trust the service and your organization’s policy.
(4) Use a limited/ephemeral ZHIPUAI_API_KEY if possible and test in an isolated environment or container.
(5) If metadata remains inconsistent, ask the skill publisher to correct the registry fields (declare ZHIPUAI_API_KEY and the dependency) before trusting automated use.

Review Dimensions

Purpose & Capability
note
The SKILL.md content matches the declared purpose (integrating Zhipu/GLM-4.6V for image understanding). However the registry metadata provided with the skill claims no required env vars and no install steps, while the SKILL.md explicitly requires ZHIPUAI_API_KEY and the 'zai' Python package. This metadata vs. instruction mismatch is an incoherence that should be resolved by the publisher.
Instruction Scope
note
Runtime instructions are scoped to the stated feature set: they read local image files, base64-encode them, and send them (or public image URLs) to bigmodel.cn via the zai SDK or cURL. That behavior is expected for an image-understanding connector, but it means user local images (potentially containing sensitive data) will be transmitted to an external service. The doc does not instruct reading unrelated system files or secrets beyond ZHIPUAI_API_KEY.
Install Mechanism
concern
There is no install spec in the registry metadata, yet SKILL.md recommends 'pip install zai' and lists a python dependency. This inconsistency is concerning: the skill will not be installed automatically but expects you to pip-install an external package named 'zai' (unknown provenance here). Installing third-party packages adds supply-chain risk; you should verify the 'zai' package source (PyPI repo, GitHub) and review its code before installing.
Credentials
note
The only credential the SKILL.md requires is ZHIPUAI_API_KEY, which is appropriate for a connector to Zhipu's Open API. The registry metadata, however, lists no required env vars — again a mismatch. The skill's use of an API key is proportionate, but granting that key will allow the skill to send images and data to the external bigmodel.cn service, so treat the key as sensitive and consider using a scoped/ephemeral key.
Persistence & Privilege
ok
The skill does not request persistent or elevated platform privileges (always:false, no config paths, no code files). It is user-invocable and allows autonomous model invocation by default, which is normal. There is no evidence it modifies other skills or system-wide settings.