← 返回 Skills 市场
codeteenager

Zhipu Image Generator

作者 Jiang Shuaijie · GitHub ↗ · v1.1.1 · MIT-0
cross-platform ⚠ suspicious
371
总下载
1
收藏
1
当前安装
5
版本数
在 OpenClaw 中安装
/install zhipu-image-gen
功能描述
AI text-to-image generation using Zhipu AI's GLM-Image model. Use when the user requests image generation, creating images from text descriptions, or mention...
安全使用建议
This skill appears to do exactly what it claims: call Zhipu's image API and save the returned PNG. Before installing, verify you trust the source and the API domain (open.bigmodel.cn) and avoid sharing your ZHIPU_API_KEY with untrusted parties. The script downloads whatever URL the API returns — which is normal here, but be cautious about storing your API key in shared files. If you need stronger protections, use a dedicated API key with limited quota and monitor usage in the Zhipu console.
功能分析
Type: OpenClaw Skill Name: zhipu-image-gen Version: 1.1.1 The skill provides legitimate image generation functionality via Zhipu AI but contains a JSON injection vulnerability in `scripts/generate_image.sh`. The script constructs a JSON payload for a `curl` request by directly interpolating unescaped variables (`$PROMPT`, `$SIZE`), which could allow malformed or malicious input to manipulate the API call. Additionally, the script permits writing files to arbitrary system locations via the `-o` (output directory) parameter.
能力评估
Purpose & Capability
Name/description state a Zhipu text-to-image client; required binaries (curl, jq) and required env var (ZHIPU_API_KEY) match that purpose. No unrelated credentials or tools are requested.
Instruction Scope
SKILL.md and the included script limit actions to reading a local .env (only extracting ZHIPU_API_KEY), calling the Zhipu API endpoint, parsing JSON with jq, and downloading the returned image URL. The script does not read other system files or unrelated environment variables.
Install Mechanism
Instruction-only skill with a simple shell script; there is no install step that downloads or executes arbitrary third-party code. Risk from install mechanism is minimal.
Credentials
Only a single API key (ZHIPU_API_KEY) is required and the script only uses that key for authenticating to the documented API. No other secrets, system tokens, or config paths are requested.
Persistence & Privilege
always is false and the skill does not request elevated or persistent system privileges. It does perform outbound network calls to the Zhipu API (expected for this purpose).
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install zhipu-image-gen
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /zhipu-image-gen 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.1
安全修复:1) 声明环境变量和二进制依赖元数据;2) 安全读取.env文件(仅提取ZHIPU_API_KEY);3) 添加.env.example模板
v1.1.0
新增 watermark_enabled 参数(-w/--watermark),支持控制是否启用水印,默认关闭
v1.0.2
- Added a "安全说明" (Security Information) section detailing required permissions, their purposes, and data safety assurances. - No other functional or usage changes.
v1.0.1
- Added detailed usage instructions and configuration steps for setting up Zhipu AI's GLM-Image text-to-image generator. - Described command-line usage, supported prompt languages (Chinese/English), and image sizes. - Specified dependency on ZHIPU_API_KEY, with setup instructions via `.env` file or environment variable. - Included example prompts, output options, and notes on image format and file naming. - Provided a clear file structure overview for easy navigation and setup.
v1.0.0
- Initial release of zhipu-image-gen skill. - Enables AI text-to-image generation using Zhipu AI's GLM-Image model. - Supports both Chinese and English prompts, including key phrases like "文生图", "生成图片", and "画图". - Allows configurable image sizes and output directories. - Simple setup via .env file or environment variable. - Includes script and documentation for usage and configuration.
元数据
Slug zhipu-image-gen
版本 1.1.1
许可证 MIT-0
累计安装 1
当前安装数 1
历史版本数 5
常见问题

Zhipu Image Generator 是什么?

AI text-to-image generation using Zhipu AI's GLM-Image model. Use when the user requests image generation, creating images from text descriptions, or mention... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 371 次。

如何安装 Zhipu Image Generator?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install zhipu-image-gen」即可一键安装,无需额外配置。

Zhipu Image Generator 是免费的吗?

是的,Zhipu Image Generator 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Zhipu Image Generator 支持哪些平台?

Zhipu Image Generator 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Zhipu Image Generator?

由 Jiang Shuaijie(@codeteenager)开发并维护,当前版本 v1.1.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论