zhipu web search
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Search requests are made under the user's Zhipu account and may consume quota or be associated with that account.
The script uses the user's Zhipu API key as a bearer credential for the expected Zhipu web search endpoint.
--header "Authorization: Bearer $ZHIPU_API_KEY"
Use a revocable, appropriately scoped API key if available, and remove or rotate it if you stop using the skill.
Anything included in a search query may be sent to Zhipu/BigModel.
The skill sends search queries to an external provider endpoint, which is expected for web search but means query text leaves the local environment.
--url https://open.bigmodel.cn/api/paas/v4/web_search
Avoid placing secrets, private documents, or confidential business details in search queries unless that sharing is acceptable.
Users have less external context for verifying authorship, maintenance, or updates.
The listing does not identify an upstream source or homepage, giving users less provenance context even though the included script is simple and visible.
Source: unknown; Homepage: none
Review the included script before installing and prefer a trusted source or official documentation for the API key setup.