中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 25/100
Last scan:1 day ago Rescan
25 /100
zhipu-glm-image
智谱 GLM-Image 网页端图片生成与下载工具 - 检查登录态、自动打开浏览器登录、抓取浏览器Cookie、通过网页接口生成图片并下载到本地
The skill is a legitimate Zhipu image generation tool with browser cookie-based authentication, but lacks declared permissions for filesystem, shell, and browser resource usage.
Skill Namezhipu-glm-image
Duration43.1s
Enginepi
Safe to install
Add explicit permission declarations in SKILL.md for filesystem (session file + output directory), shell (browser launch command), and browser (CDP port 18800) access. This is a straightforward tool with no malicious behavior.

Findings 4 items

Severity Finding Location
Medium
Missing filesystem permission declaration Doc Mismatch
SKILL.md declares 'NONE' for filesystem but the code reads from %USERPROFILE%/.zhipu_image_session.json and writes to it, plus creates the captures/ output directory.
fs.writeFileSync(SESSION_FILE, JSON.stringify(session, null, 2));
→ Declare filesystem:READ for session file, filesystem:WRITE for output directory in SKILL.md.
 scripts/zhipu_api.js:52
Medium
Missing shell execution permission declaration Doc Mismatch
SKILL.md declares 'NONE' for shell but the code uses exec() to launch browser via Windows 'start' command.
exec(`start "" "${LOGIN_URL}"`, { shell: 'cmd.exe' }, error => {
→ Declare shell:WRITE for browser launch command in SKILL.md.
 scripts/zhipu_api.js:99
Medium
Missing browser access permission declaration Doc Mismatch
SKILL.md declares 'NONE' for browser but the code connects to Chrome Remote Debugging Interface on port 18800 to capture cookies from any logged-in tab.
const client = await CDP({ port: 18800 });
→ Declare browser:READ for CDP cookie capture in SKILL.md. Also document that ALL browser tabs are accessible, not just zhipu.
 scripts/zhipu_api.js:87
Low
Cookies stored in plaintext Sensitive Access
Session cookies are saved in plaintext JSON format without encryption. While these are service-specific tokens, plaintext storage is a minor risk if the system is compromised.
fs.writeFileSync(SESSION_FILE, JSON.stringify(session, null, 2));
→ Consider encrypting cookie values at rest or using a secure credential store.
 scripts/zhipu_api.js:52
ResourceDeclaredInferredStatusEvidence
Filesystem NONE WRITE ✗ Violation zhipu_api.js:52 (saveSession writes to USERPROFILE), zhipu_api.js:148 (ensureDir…
Network READ READ ✓ Aligned HTTPS requests to image.z.ai for login and generation (declared in SKILL.md)
Shell NONE WRITE ✗ Violation zhipu_api.js:99 exec('start "" "' + LOGIN_URL + '"')
Browser NONE READ ✗ Violation zhipu_api.js:87 CDP({ port: 18800 }) for cookie capture
Environment NONE READ ✓ Aligned zhipu_api.js:52 uses process.env.USERPROFILE
Skill Invoke NONE NONE N/A
Clipboard NONE NONE N/A
Database NONE NONE N/A
3 findings
🔗
Medium External URL 外部 URL
https://image.z.ai/
SKILL.md:31
🔗
Medium External URL 外部 URL
https://image.z.ai/api/proxy
scripts/zhipu_api.js:22
🔗
Medium External URL 外部 URL
https://image.z.ai
scripts/zhipu_api.js:71

File Tree

5 files · 14.3 KB · 448 lines
JavaScript 2f · 321L Markdown 1f · 68L JSON 2f · 59L
├─ 📁 scripts
│ ├─ 📜 network_monitor.js JavaScript 64L · 1.8 KB
│ ├─ 📋 package-lock.json JSON 25L · 672 B
│ ├─ 📋 package.json JSON 34L · 798 B
│ └─ 📜 zhipu_api.js JavaScript 257L · 9.1 KB
└─ 📝 SKILL.md Markdown 68L · 1.9 KB

Dependencies 1 items

PackageVersionSourceKnown VulnsNotes
chrome-remote-interface 0.33.3 npm No Version pinned with verified integrity hash

Security Positives

✓ All network requests go to legitimate Zhipu domain (image.z.ai) - no C2 or data exfiltration observed
✓ No base64 encoding, obfuscation, or anti-analysis techniques found
✓ No credential harvesting beyond the intended service (zhipu cookies only)
✓ No remote script execution (curl|bash, wget|sh)
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env
✓ No persistence mechanisms (no cron, startup hooks, or backdoors)
✓ chrome-remote-interface dependency is pinned to v0.33.3 with verified integrity hash
✓ Code is readable and straightforward - no hidden or shadow functionality