GLM Multimodal Analyzer
Warn
Audited by ClawScan on May 18, 2026.
Overview
The skill’s GLM multimodal analysis purpose is coherent, but its tool wrapper appears to pass user-controlled file paths and prompts through a shell command without safe escaping, creating a command-injection risk.
Review this skill carefully before installing. Its core behavior matches a multimodal GLM analyzer, but the tool execution template should be fixed to avoid shell injection. Also be aware that analyzed local files are sent to Zhipu’s API and that you must provide a ZHIPU_API_KEY even though the registry metadata does not declare it.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or malformed file path, URL, or analysis prompt could potentially cause commands to run on the user’s machine when the tool is invoked.
The tool handler constructs a shell command using templated, user-controlled input and prompt values inside single quotes. If the runtime does not robustly escape these values, a crafted quote or shell metacharacter could break out of the argument and run unintended local commands.
"exec": "python3 {{skillDir}}/scripts/analyze.py --type {{type}} --input '{{input}}' --prompt '{{prompt}}' {{#if thinking}}--thinking{{/if}}"
Avoid shell-string execution for tool handlers. Pass arguments as an argv array or through a safe subprocess API, or rigorously shell-escape all templated values and validate inputs before execution.
Images, videos, documents, and prompts you choose to analyze may be transmitted to Zhipu/BigModel’s API.
Local files selected for analysis are read, base64-encoded, and sent to the disclosed external GLM API endpoint. This is purpose-aligned, but it is still a sensitive data flow.
with open(path, "rb") as f:
    data = base64.b64encode(f.read()).decode("utf-8")
...
response = requests.post(API_URL, headers=headers, json=payload, timeout=120)
Only analyze files you are comfortable sending to the provider, and review the provider’s data retention and privacy terms for confidential documents.
Installing users may not realize from metadata alone that they need to provide a provider API key.
The skill requires a Zhipu API key and sends it as a Bearer token. This is expected for the stated GLM integration, but the registry metadata lists no required env vars or primary credential.
api_key = os.environ.get("ZHIPU_API_KEY")
...
"Authorization": f"Bearer {api_key}"
Declare ZHIPU_API_KEY in the skill metadata and advise users to protect the key, avoid logging it, and use the least-privileged or revocable key available.
The skill may not install or run exactly as documented, which could lead users to perform extra manual setup.
The README describes automatic installation of requests and a Bash wrapper, but the provided install spec has no installer and the manifest does not include the wrapper. This is a packaging/provenance inconsistency, not evidence of malicious behavior.
requests library (installed automatically)
...
└── scripts/
    ├── analyze.py # main analysis script
    └── multimodal-analyze # Bash wrapper
Align the manifest, README, package metadata, and install spec; include the wrapper if intended and explicitly declare dependencies.
