zhipu-glm-image 安全扫描报告 — 低风险 | ClawSafe

25 /100

zhipu-glm-image

智谱 GLM-Image 网页端图片生成与下载工具 - 检查登录态、自动打开浏览器登录、抓取浏览器Cookie、通过网页接口生成图片并下载到本地

The skill is a legitimate Zhipu image generation tool with browser cookie-based authentication, but lacks declared permissions for filesystem, shell, and browser resource usage.

技能名称zhipu-glm-image

分析耗时43.1s

引擎pi

✓

可以安装

Add explicit permission declarations in SKILL.md for filesystem (session file + output directory), shell (browser launch command), and browser (CDP port 18800) access. This is a straightforward tool with no malicious behavior.

安全发现 4 项

严重性	安全发现	位置
中危	Missing filesystem permission declaration 文档欺骗 SKILL.md declares 'NONE' for filesystem but the code reads from %USERPROFILE%/.zhipu_image_session.json and writes to it, plus creates the captures/ output directory. `fs.writeFileSync(SESSION_FILE, JSON.stringify(session, null, 2));` → Declare filesystem:READ for session file, filesystem:WRITE for output directory in SKILL.md.	`scripts/zhipu_api.js:52`
中危	Missing shell execution permission declaration 文档欺骗 SKILL.md declares 'NONE' for shell but the code uses exec() to launch browser via Windows 'start' command. exec(`start "" "${LOGIN_URL}"`, { shell: 'cmd.exe' }, error => { → Declare shell:WRITE for browser launch command in SKILL.md.	`scripts/zhipu_api.js:99`
中危	Missing browser access permission declaration 文档欺骗 SKILL.md declares 'NONE' for browser but the code connects to Chrome Remote Debugging Interface on port 18800 to capture cookies from any logged-in tab. `const client = await CDP({ port: 18800 });` → Declare browser:READ for CDP cookie capture in SKILL.md. Also document that ALL browser tabs are accessible, not just zhipu.	`scripts/zhipu_api.js:87`
低危	Cookies stored in plaintext 敏感访问 Session cookies are saved in plaintext JSON format without encryption. While these are service-specific tokens, plaintext storage is a minor risk if the system is compromised. `fs.writeFileSync(SESSION_FILE, JSON.stringify(session, null, 2));` → Consider encrypting cookie values at rest or using a secure credential store.	`scripts/zhipu_api.js:52`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`WRITE`	✗ 越权	zhipu_api.js:52 (saveSession writes to USERPROFILE), zhipu_api.js:148 (ensureDir…
网络访问	`READ`	`READ`	✓ 一致	HTTPS requests to image.z.ai for login and generation (declared in SKILL.md)
命令执行	`NONE`	`WRITE`	✗ 越权	zhipu_api.js:99 exec('start "" "' + LOGIN_URL + '"')
浏览器	`NONE`	`READ`	✗ 越权	zhipu_api.js:87 CDP({ port: 18800 }) for cookie capture
环境变量	`NONE`	`READ`	✓ 一致	zhipu_api.js:52 uses process.env.USERPROFILE
技能调用	`NONE`	`NONE`	—	N/A
剪贴板	`NONE`	`NONE`	—	N/A
数据库	`NONE`	`NONE`	—	N/A

3 项发现

🔗

中危外部 URL 外部 URL

https://image.z.ai/

SKILL.md:31

🔗

中危外部 URL 外部 URL

https://image.z.ai/api/proxy

scripts/zhipu_api.js:22

🔗

中危外部 URL 外部 URL

https://image.z.ai

scripts/zhipu_api.js:71

目录结构

5 文件 · 14.3 KB · 448 行

JavaScript 2f · 321L Markdown 1f · 68L JSON 2f · 59L

├─ ▾ 📁 scripts

│ ├─ 📜 network_monitor.js JavaScript 64L · 1.8 KB

│ ├─ 📋 package-lock.json JSON 25L · 672 B

│ ├─ 📋 package.json JSON 34L · 798 B

│ └─ 📜 zhipu_api.js JavaScript 257L · 9.1 KB

└─ 📝 SKILL.md Markdown 68L · 1.9 KB

依赖分析 1 项

包名	版本	来源	已知漏洞	备注
`chrome-remote-interface`	`0.33.3`	npm	否	Version pinned with verified integrity hash

安全亮点

✓ All network requests go to legitimate Zhipu domain (image.z.ai) - no C2 or data exfiltration observed

✓ No base64 encoding, obfuscation, or anti-analysis techniques found

✓ No credential harvesting beyond the intended service (zhipu cookies only)

✓ No remote script execution (curl|bash, wget|sh)

✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env

✓ No persistence mechanisms (no cron, startup hooks, or backdoors)

✓ chrome-remote-interface dependency is pinned to v0.33.3 with verified integrity hash

✓ Code is readable and straightforward - no hidden or shadow functionality