Zhipu Search
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears to be a coherent Zhipu web-search wrapper, with expected cautions around its API key, third-party search requests, and limited source provenance.
This looks reasonable for Zhipu-powered web search. Before installing, make sure you trust the publisher, use an API key you are comfortable dedicating to this purpose, and assume search terms or optional user IDs may be sent to Zhipu.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You may have less assurance about who maintains the skill or where to compare the included code against an upstream project.
The included script has limited provenance information. This is not suspicious by itself, but users have less external context for verifying the publisher or source.
Source: unknown; Homepage: none
Install only if you trust the registry entry and publisher; review the included script and prefer a known upstream source if available.
Searches made through this skill may consume your Zhipu account quota or be attributable to your API key.
The script uses the configured Zhipu API key to authenticate outbound API calls. This is expected for the stated service integration and no credential logging or unrelated use is shown.
api_key = os.environ.get("ZHIPU_API_KEY") ... "Authorization": f"Bearer {api_key}"Use a scoped or dedicated API key if possible, monitor usage, and avoid sharing the key in chat or logs.
Anything entered as a search query, plus optional identifiers, may be transmitted to the Zhipu provider.
The script sends the search query in a JSON payload to Zhipu's API endpoint, and also supports optional request_id and user_id fields. This data flow is aligned with the search purpose.
API_BASE_URL = "https://open.bigmodel.cn/api/paas/v4" ... {"role": "user", "content": search_query} ... requests.post(..., json=payload, timeout=60)Do not use the skill for sensitive private searches unless sending that content to Zhipu is acceptable under your policies.