Zhipu AI Search

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed Zhipu web-search helper that uses a local Python script and API key to send search queries to Zhipu, with no evidence of hidden persistence, destructive behavior, or unrelated data collection.

Install this only if you are comfortable providing a Zhipu API key and sending search terms to Zhipu's external web-search service. Avoid putting secrets, private customer data, or proprietary material in queries, and consider tightening the Bash/tool permissions if your environment supports scoping them to the specific search script.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding
The skill declares tools that can access environment variables and perform network operations, but it does not declare corresponding permissions or clearly bound those capabilities. This creates a transparency and policy-enforcement gap: a caller may invoke the skill without realizing it can read secrets like ZHIPUAI_API_KEY and send data to an external service.

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
The skill is described as a web-search integration using the Zhipu Web Search API, but its settings grant local Bash execution for python and python3. This is a capability mismatch that unnecessarily expands the attack surface: prompt-influenced or compromised skill logic could run arbitrary local code, access local files, or pivot beyond simple network search behavior.

Vague Triggers

Medium
Confidence: 91%
Finding
The README states that when a user needs web information, Claude will automatically invoke this skill, but it does not define clear triggering boundaries, user-consent expectations, or limits on autonomous use. In agent environments, overly broad auto-invocation can cause unintended network access, privacy leakage through external queries, and surprising behavior on ordinary requests that merely mention looking something up.

Vague Triggers

Medium
Confidence: 81%
Finding
The activation description is broad enough to match many common user requests for information, news, or research, which can cause the skill to trigger in situations where external search is unnecessary or the user did not intend third-party data sharing. Over-broad routing increases the chance of sending sensitive queries to the remote API without clear user awareness.

Missing User Warnings

Medium
Confidence: 95%
Finding
The markdown explains how to use the search feature but does not clearly warn that user queries will be transmitted to the external Zhipu Web Search API. Without explicit disclosure, users may provide confidential, personal, or proprietary information under the mistaken assumption that processing is local.

VirusTotal

65/65 vendors flagged this skill as clean.