← 返回 Skills 市场
Z.AI Web Search
作者
Bartosz Pijet
· GitHub ↗
· v1.0.0
1125
总下载
1
收藏
6
当前安装
1
版本数
在 OpenClaw 中安装
/install zai-search
功能描述
AI-optimized web search via Z.AI Web Search API. Returns structured results (title, URL, summary) for LLM processing.
安全使用建议
This skill appears to do what it says: it posts search requests to api.z.ai using ZAI_API_KEY and provides a basic HTML extractor. Before installing, consider: (1) Only provide an API key you control and can rotate; treat it as sensitive. (2) If you run agents in environments with access to internal networks or metadata services, be aware that the extract script can fetch arbitrary URLs — run in a network-restricted/isolated environment if you’re concerned. (3) Source is listed as unknown; if you need higher assurance, verify the publisher (owner ID) or inspect the included scripts yourself (they are short and readable). Rotate or revoke the key if you stop using the skill.
功能分析
Type: OpenClaw Skill
Name: zai-search
Version: 1.0.0
The `scripts/extract.mjs` file is vulnerable to Server-Side Request Forgery (SSRF). It fetches content from arbitrary URLs provided as input without sufficient validation or restriction, allowing an attacker to potentially access internal network resources, cloud metadata endpoints, or other sensitive services from the agent's host. While this is a significant vulnerability, there is no clear evidence of intentional malicious behavior (e.g., exfiltration to an attacker-controlled domain, persistence, or obfuscation), classifying it as suspicious rather than malicious. Other files are benign.
能力评估
Purpose & Capability
Name/description match the implementation: scripts call Z.AI's web_search API and require ZAI_API_KEY. Required binary (node) is expected and proportional.
Instruction Scope
SKILL.md instructs only running the included node scripts. The extract script fetches arbitrary URLs and strips HTML (intended behavior for extraction). Note: arbitrary URL fetching can reach internal/metadata endpoints if run in an environment with broad network access — this is a normal capability for a URL-extraction tool but worth being aware of.
Install Mechanism
No remote install/downloads or package installs are specified. The skill is instruction+local scripts only (no external archive downloads), minimizing install-time risk.
Credentials
Only ZAI_API_KEY (primary credential) is required, which is appropriate for calling the Z.AI Web Search API. The code also optionally checks Z_AI_API_KEY as a fallback — benign but documented.
Persistence & Privilege
always is false and the skill does not request elevated or cross-skill configuration. It does not persist or modify other skills or agent-wide settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install zai-search - 安装完成后,直接呼叫该 Skill 的名称或使用
/zai-search触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of z.ai-web-search skill.
- Provides AI-optimized web search via Z.AI Web Search API with structured results (titles, URLs, summaries).
- Offers search options for result count, domain filtering, and recency.
- Includes utility to extract and clean page content from a URL.
- Requires Node.js and a ZAI_API_KEY for setup.
元数据
常见问题
Z.AI Web Search 是什么?
AI-optimized web search via Z.AI Web Search API. Returns structured results (title, URL, summary) for LLM processing. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1125 次。
如何安装 Z.AI Web Search?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install zai-search」即可一键安装,无需额外配置。
Z.AI Web Search 是免费的吗?
是的,Z.AI Web Search 完全免费(开源免费),可自由下载、安装和使用。
Z.AI Web Search 支持哪些平台?
Z.AI Web Search 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Z.AI Web Search?
由 Bartosz Pijet(@bartoszpijet)开发并维护,当前版本 v1.0.0。
推荐 Skills