ZeeLin Search 智灵搜索

Pass. Audited by ClawScan on May 1, 2026.

Overview

This instruction-only Zeelin search skill appears aligned with its stated purpose, but it uses a user API key, sends search queries to Zeelin, and saves result files locally.

Before installing, confirm you trust the Zeelin service and the configured endpoint. Configure the API key carefully, avoid sending sensitive search terms, and remember that successful searches create JSON result files in your user directory.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Note (High Confidence)
ASI01: Agent Goal Hijack
What this means

If Zeelin is unavailable or not configured, the agent may stop instead of using another search source.

Why it was flagged

This instruction affects tool choice by telling the agent not to fall back to other skills when Zeelin fails or is not configured. It is disclosed and related to the Zeelin workflow, but users should notice the fallback limitation.

Skill content
If the call fails, or Zeelin_Api_Key is not configured, do not use other skills
Recommendation

If you want an alternative source, explicitly ask the agent to use another tool or disable this skill for that request.

What this means

Your search terms will be sent to Zeelin, may consume API quota, and successful results will be saved as files on your machine.

Why it was flagged

The skill is designed to make an external POST request and create local JSON output files. This is expected for a search/export skill, but it means user queries leave the local environment and API results persist on disk.

Skill content
Send a POST request carrying only the question_name parameter, with app-key/sign/timestamp placed in the header ... all data is stored as JSON files in the user directory
Recommendation

Use the skill only for queries you are comfortable sending to Zeelin, verify the configured API URL, and delete or protect generated result files if they are sensitive.

What this means

Anyone who obtains the API key could potentially use your Zeelin access or quota.

Why it was flagged

The skill requires a Zeelin API key and uses it for authenticated requests. That is purpose-aligned for this integration, but the key grants service access and should be handled as a credential.

Skill content
Use Zeelin_Api_Key as the app-key, and use it to generate the sign signature
Recommendation

Store the key only in the intended configuration, avoid exposing it in chat or screenshots when possible, and rotate it if you suspect it was shared.

What this means

You have less external information for confirming who maintains the skill or whether it is the official Zeelin integration.

Why it was flagged

The package has no executable install path, which lowers code-execution risk, but the missing source and homepage limit independent provenance verification.

Skill content
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Recommendation

Verify the publisher and service endpoint before entering an API key.

What this means

A follow-up query such as changing only the time range may silently reuse the previous topic, platform, or sentiment filter.

Why it was flagged

The skill reuses prior conversation parameters for follow-up searches. This is useful and purpose-aligned, but stale context can influence later queries if the user gives only partial instructions.

Skill content
Context inheritance: remember the parameters from the previous conversion ... inherit all parameters in the previous other object
Recommendation

Review the generated JSON or give a full fresh query when switching topics.