zhipu web search
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a straightforward Zhipu web search wrapper that uses curl and a Zhipu API key as expected, with only minor provenance and data-sharing points to notice.
Install this only if you are comfortable sending search queries to Zhipu/BigModel using your ZHIPU_API_KEY. Use a revocable API key, avoid sensitive query text, and review the small included shell script because the package has limited source provenance.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Search requests are made under the user's Zhipu account and may consume quota or be associated with that account.
The script uses the user's Zhipu API key as a bearer credential for the expected Zhipu web search endpoint.
--header "Authorization: Bearer $ZHIPU_API_KEY"
Use a revocable, appropriately scoped API key if available, and remove or rotate it if you stop using the skill.
Anything included in a search query may be sent to Zhipu/BigModel.
The skill sends search queries to an external provider endpoint, which is expected for web search but means query text leaves the local environment.
--url https://open.bigmodel.cn/api/paas/v4/web_search
Avoid placing secrets, private documents, or confidential business details in search queries unless that sharing is acceptable.
Users have less external context for verifying authorship, maintenance, or updates.
The listing does not identify an upstream source or homepage, giving users less provenance context even though the included script is simple and visible.
Source: unknown; Homepage: none
Review the included script before installing and prefer a trusted source or official documentation for the API key setup.