zhipu web search
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: zhipu-web-search Version: 1.0.8 The skill is a legitimate wrapper for the Zhipu AI Web Search API, allowing an agent to perform web searches via the official endpoint (open.bigmodel.cn). The provided shell script (scripts/zhipu_search.sh) uses cURL to interact with the API and includes basic sanitization for the search query to ensure valid JSON construction. No evidence of malicious intent, data exfiltration, or prompt injection was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Search requests are made under the user's Zhipu account and may consume quota or be associated with that account.
The script uses the user's Zhipu API key as a bearer credential for the expected Zhipu web search endpoint.
--header "Authorization: Bearer $ZHIPU_API_KEY"
Use a revocable, appropriately scoped API key if available, and remove or rotate it if you stop using the skill.
Anything included in a search query may be sent to Zhipu/BigModel.
The skill sends search queries to an external provider endpoint, which is expected for web search but means query text leaves the local environment.
--url https://open.bigmodel.cn/api/paas/v4/web_search
Avoid placing secrets, private documents, or confidential business details in search queries unless that sharing is acceptable.
Users have less external context for verifying authorship, maintenance, or updates.
The listing does not identify an upstream source or homepage, giving users less provenance context even though the included script is simple and visible.
Source: unknown; Homepage: none
Review the included script before installing and prefer a trusted source or official documentation for the API key setup.