Zhipu Tools Coding Plan

智谱 AI 原生工具 - 网络搜索、网页读取、仓库文档搜索和文件解析。基于 Z.AI Coding Plan MCP 端点，全部免费使用。

This skill appears to implement what it claims (web search, webpage reading, repo search, file parsing) by calling Z.AI MCP endpoints and a legacy bigmodel API. Important things to consider before installing: - The registry metadata does NOT list required env vars, but the code and README require ZHIPU_API_KEY (and optionally ZHIPU_USE_MCP). Do not assume no credentials are needed — the API key is required. - File parsing uploads the specified document to open.bigmodel.cn (legacy endpoint). Do NOT upload sensitive or confidential documents unless you trust that remote service and its privacy policy. - All network requests (searches, readers, zread) send data (queries, URLs, repo/file identifiers, and potentially file contents) to external services (api.z.ai and open.bigmodel.cn). If you need strict data residency or confidentiality, avoid using this skill. - Verify the skill source/trustworthiness (author repository, signatures). The package lists a GitHub clone URL in README; prefer installing from an official/trusted source rather than an unknown registry owner when possible. - Before giving a real API key, test in an isolated account or with limited-scope key. Check openclaw.json and ensure you do not commit API keys to source control. Because of the metadata omission about required env vars and the fact the skill will transmit user files to external endpoints, take precautions (review origin, limit API key scope, avoid uploading sensitive files). If the publisher/source is verified and you accept the privacy tradeoffs, the skill is functionally coherent.

Type: OpenClaw Skill Name: zhipu-tools-coding-plan Version: 1.2.1 The skill bundle provides legitimate integration with Zhipu AI's MCP and Legacy APIs for web searching, webpage reading, and file parsing. However, it is classified as suspicious due to several security vulnerabilities and high-risk capabilities: the shell scripts (web_search.sh, web_reader.sh, and zread.sh) construct JSON payloads using direct string interpolation of user-provided arguments, making them vulnerable to JSON injection. Additionally, the file_parser.sh script uploads local files to a remote third-party endpoint (open.bigmodel.cn), which is a high-risk behavior, although it is the stated purpose of the tool. No evidence of intentional malice or hidden data exfiltration was found.