Back to skill

Security audit

GLM-V-Doc-Based-Writing

Security checks across malware telemetry and agentic risk

Overview

The skill coherently sends user-selected documents and writing requirements to Zhipu GLM-V to generate Markdown, with no evidence of hidden persistence, destructive behavior, or credential misuse.

Install only if you are comfortable providing a Zhipu API key and sending selected document URLs or local PDF page contents to Zhipu for processing. Avoid confidential, regulated, or customer documents unless your policy permits that provider use, and prefer revocable or scoped API keys where available.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • System Prompt LeakageDirect Leakage, Indirect Extraction, Tool-Based Exfiltration
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill metadata declares required environment variables but does not explicitly declare the effective capabilities it exercises, while the documentation clearly indicates network access, reading secrets from environment variables, and writing output files. This weakens policy enforcement and user understanding because the runtime behavior is broader than the declared permission surface.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are very broad and overlap with common writing and summarization requests, which can cause the skill to be invoked when the user did not intend to send documents or prompts to this external service. In this context, accidental invocation increases the chance of unintended document exfiltration to the remote model provider.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill states that local PDFs are converted to page images and sent to the model, but it does not provide a clear user-facing warning that document contents and derived images are transmitted to an external third-party service. This creates a meaningful data-handling risk because users may provide sensitive documents without informed consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill sends user-supplied documents and requirements to a third-party API, which can expose sensitive document contents to an external service without explicit user disclosure or consent at execution time. In this skill context, the risk is real because the whole purpose is to process potentially confidential PDFs/DOCX files, so silent external transmission materially increases privacy and compliance exposure.

Session Persistence

Medium
Category
Rogue Agent
Content
This script reads the key from the `ZHIPU_API_KEY` environment variable and shares it with other Zhipu skills.
脚本通过 `ZHIPU_API_KEY` 环境变量获取密钥,与其他智谱技能共用同一个 key。

**Get Key / 获取 Key:** Visit [Zhipu Open Platform API Keys / 智谱开放平台 API Keys](https://bigmodel.cn/usercenter/proj-mgmt/apikeys) to create or copy your key.

**Setup options / 配置方式(任选一种):**
Confidence
78% confidence
Finding
create or copy your key. **Setup options / 配置方式(任选一种):** 1. **OpenClaw config (recommended) / OpenClaw 配置(推荐):** Set in `openclaw.json` under `skills.entries.glmv-doc-based-writing.env`: ```json

Direct Prompt Extraction

High
Category
System Prompt Leakage
Content
> **Local PDF / 本地 PDF:** Local PDF files are converted page-by-page into images (base64) before sending to the model. `PyMuPDF` is required (`pip install PyMuPDF`). URL files support full formats including pdf/docx/txt.
> 本地 PDF 会自动逐页转为图片(base64)传给模型,需要安装 `PyMuPDF`(`pip install PyMuPDF`)。URL 文件支持 pdf/docx/txt 等全格式。

### 📋 Output Display Rules (MANDATORY)

After running the script, **you must display the complete content (Markdown format) exactly as returned**. Do not summarize, truncate, translate, comment, or only say "Writing Completed!".
Confidence
89% confidence
Finding
Display Rules

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.