ZeeLin Search 智灵搜索
Pass. Audited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill
Name: zeelin-search-pro
Version: 1.0.2
The skill bundle is a legitimate integration for the Zeelin Search API, designed to query public sentiment and news data. It follows a transparent workflow involving configuration checks in `templates/config.json`, natural language processing guided by `references/nl2json.md`, and authenticated API calls to `https://skills.zeelin.cn` as detailed in `references/zenlin_search_api.md`. While the agent is instructed to write search results to the local filesystem, this behavior is explicitly disclosed to the user and serves the stated purpose of the tool. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If Zeelin is unavailable or not configured, the agent may stop instead of using another search source.
This instruction affects tool choice by telling the agent not to fall back to other skills when Zeelin fails or is not configured. It is disclosed and related to the Zeelin workflow, but users should notice the fallback limitation.
If the call fails, or Zeelin_Api_Key is not configured, do not use other skills
If you want an alternative source, explicitly ask the agent to use another tool or disable this skill for that request.
Your search terms will be sent to Zeelin, may consume API quota, and successful results will be saved as files on your machine.
The skill is designed to make an external POST request and create local JSON output files. This is expected for a search/export skill, but it means user queries leave the local environment and API results persist on disk.
Send a POST request carrying only the question_name parameter, with app-key/sign/timestamp placed in the header ... all data is stored as JSON files in the user directory
Use the skill only for queries you are comfortable sending to Zeelin, verify the configured API URL, and delete or protect generated result files if they are sensitive.
Anyone who obtains the API key could potentially use your Zeelin access or quota.
The skill requires a Zeelin API key and uses it for authenticated requests. That is purpose-aligned for this integration, but the key grants service access and should be handled as a credential.
Use Zeelin_Api_Key as the app-key, and use it to generate the sign signature
Store the key only in the intended configuration, avoid exposing it in chat or screenshots when possible, and rotate it if you suspect it was shared.
You have less external information for confirming who maintains the skill or whether it is the official Zeelin integration.
The package has no executable install path, which lowers code-execution risk, but the missing source and homepage limit independent provenance verification.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Verify the publisher and service endpoint before entering an API key.
A follow-up query such as changing only the time range may silently reuse the previous topic, platform, or sentiment filter.
The skill reuses prior conversation parameters for follow-up searches. This is useful and purpose-aligned, but stale context can influence later queries if the user gives only partial instructions.
Context inheritance: remember the parameters from the previous conversion ... inherit all parameters in the previous `other` object
Review the generated JSON or give a full fresh query when switching topics.
