← Back to Skills Marketplace

Zhipu GLM Image

Name: Zhipu GLM Image
Author: huangm199

by huangm199 · GitHub ↗ · v1.0.1 · MIT-0

cross-platform ⚠ suspicious

144

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install zhipu-glm-image

Description

智谱 GLM-Image 网页端图片生成与下载。用于：检查 image.z.ai 登录态、必要时自动打开浏览器登录、抓取浏览器 Cookie、通过网页接口生成图片并下载到本地。适用于“用智谱生图”“生成一张图并保存/发送”“检查智谱登录状态”“自动打开智谱登录页”等场景。

Usage Guidance

This skill appears to do what it claims, but it captures live browser cookies and saves them unencrypted to disk and requires exposing your browser's remote-debugging port. Only install/run it if you trust the source. Before running: (1) review the scripts (zhipu_api.js) yourself to confirm no unexpected network endpoints or exfiltration, (2) enable remote debugging only on an isolated browser profile or in a disposable VM/container, (3) be aware the tool saves cookies to %USERPROFILE%\.zhipu_image_session.json — delete that file when you're done, (4) run npm install inside the scripts/ directory and inspect the installed dependency (chrome-remote-interface), and (5) if you are not on Windows or cannot/should not expose remote debugging, do not run it. If you want extra assurance, run the tool in a throwaway Windows VM or container and monitor network traffic while using it.

Capability Analysis

Type: OpenClaw Skill Name: zhipu-glm-image Version: 1.0.1 The skill automates image generation by extracting browser cookies via the Chrome DevTools Protocol (CDP) on port 18800 and storing them in plaintext in the user's profile directory (%USERPROFILE%\.zhipu_image_session.json). While these actions (found in zhipu_api.js and network_monitor.js) support the stated goal of using a web-based session instead of an API key, the technique of programmatically scraping browser credentials and executing shell commands to open URLs represents a high-risk approach often seen in session-hijacking tools.

Capability Assessment

✓ Purpose & Capability

The name/description match the implementation: the scripts capture browser cookies, check/refresh a login session, call image.z.ai web endpoints using those cookies, and download images. Capturing cookies and opening the site's login page are necessary for the 'web-login-state' approach the skill documents.

ℹ Instruction Scope

SKILL.md and the scripts clearly instruct the agent to: use Chrome DevTools Protocol on port 18800 to read cookies, open the site login page if needed, and POST to image.z.ai proxy endpoints. The documentation mentions the remote-debugging dependency and npm install, but does not include step-by-step instructions for securely launching a browser with remote debugging enabled (or for non-Windows platforms). The code is Windows-oriented (uses process.env.USERPROFILE and cmd.exe 'start'), which is stated in places but may not be obvious to all users.

✓ Install Mechanism

There is no automated install spec — the repo includes package.json and asks the user to run npm install in scripts/. The only dependency is chrome-remote-interface from the public npm registry, which is reasonable for using CDP.

⚠ Credentials

No environment variables or external credentials are requested, which matches the described cookie-based approach. However, the script reads browser cookies via CDP, filters them by domains (z.ai, bigmodel.cn, chatglm), and writes those cookies unencrypted to a session file in the user's home directory (%USERPROFILE%\.zhipu_image_session.json). Accessing and persisting cookies is sensitive — expected for the stated purpose, but high-risk if you don't trust the code or if other domains are accidentally matched.

ℹ Persistence & Privilege

The skill does not request permanent platform privileges (always: false). It does write a local session file and can autonomously open the browser and capture cookies when invoked. If the agent is allowed to invoke skills autonomously, this behavior increases blast radius because the skill can launch the browser and attempt to capture session cookies while running.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install zhipu-glm-image
After installation, invoke the skill by name or use /zhipu-glm-image
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.1

Clean release: removed hard-coded development fallback, added lockfile, clarified session path and install steps, and tightened public docs for safer review.

v1.0.0

Initial release: session-aware image.z.ai login flow, automatic browser login, ready check, and prompt-to-image download helper.

Metadata

Slug zhipu-glm-image

Version 1.0.1

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 2

Frequently Asked Questions

What is Zhipu GLM Image?

智谱 GLM-Image 网页端图片生成与下载。用于：检查 image.z.ai 登录态、必要时自动打开浏览器登录、抓取浏览器 Cookie、通过网页接口生成图片并下载到本地。适用于“用智谱生图”“生成一张图并保存/发送”“检查智谱登录状态”“自动打开智谱登录页”等场景。 It is an AI Agent Skill for Claude Code / OpenClaw, with 144 downloads so far.

How do I install Zhipu GLM Image?

Run "/install zhipu-glm-image" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Zhipu GLM Image free?

Yes, Zhipu GLM Image is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Zhipu GLM Image support?

Zhipu GLM Image is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Zhipu GLM Image?

It is built and maintained by huangm199 (@huangm199); the current version is v1.0.1.

More Skills