Oathe Security Badge

Is whyhit2005/zhipu-web-search safe?

https://clawhub.ai/whyhit2005/zhipu-web-search

91
SAFE

This skill provides legitimate web search functionality through Zhipu AI's API with standard argument processing and HTTP requests. The implementation is straightforward with no evidence of malicious behavior, prompt injection, or data exfiltration attempts.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 90/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (3)

LOW Contains executable shell script -15

The skill includes a bash script that processes arguments and makes curl requests to external APIs. While this is necessary for the skill's functionality, it does represent executable code.

LOW Makes external API calls -10

The skill makes HTTP requests to the open.bigmodel.cn API endpoint as part of its documented web search functionality. This is expected behavior but represents external data transmission.

INFO Depends on external Chinese API service -15

The skill relies on Zhipu AI's web search service hosted in China. While legitimate, users should be aware of the external dependency and data jurisdiction.