扫描报告
5 /100
zhipu-coding-plan-mcp
智谱 AI 视觉、搜索与生图工具集
This is a legitimate Zhipu AI (智谱) MCP tool integration that provides image analysis, web search, and AI generation capabilities. All credential access and execution is declared and necessary for the documented functionality.
可以安装
No action needed. The skill follows security best practices by reading API keys from a config file rather than hardcoding them.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 命令执行 | WRITE | WRITE | ✓ 一致 | execFileSync('npx', ...) in scripts/zai-mcp.js:42 - declared in SKILL.md metadat… |
| 文件系统 | READ | READ | ✓ 一致 | readFileSync for auth-profiles.json and mcporter.json |
| 网络访问 | READ | READ | ✓ 一致 | HTTPS calls to open.bigmodel.cn for AI services |
7 项发现
中危 外部 URL 外部 URL
https://open.bigmodel.cn SKILL.md:47 中危 外部 URL 外部 URL
https://open.bigmodel.cn/api/paas/v4/images/generations SKILL.md:165 中危 外部 URL 外部 URL
https://open.bigmodel.cn/api/paas/v4/videos/generations SKILL.md:184 中危 外部 URL 外部 URL
https://open.bigmodel.cn/api/paas/v4/async-result/$TASK_ID SKILL.md:211 中危 外部 URL 外部 URL
https://open.bigmodel.cn/api/mcp/web_search_prime/mcp mcporter.json:14 中危 外部 URL 外部 URL
https://open.bigmodel.cn/api/mcp/web_reader/mcp mcporter.json:19 中危 外部 URL 外部 URL
https://open.bigmodel.cn/api/mcp/zread/mcp mcporter.json:24 目录结构
3 文件 · 11.6 KB · 348 行 Markdown 1f · 271L
JavaScript 1f · 49L
JSON 1f · 28L
├─
▾
scripts
│ └─
zai-mcp.js
JavaScript
├─
mcporter.json
JSON
└─
SKILL.md
Markdown
依赖分析 2 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
npx | * | system | 否 | Required dependency declared in metadata |
mcporter | * | npm | 否 | MCP server orchestrator |
安全亮点
✓ API key is read dynamically from config file, not hardcoded
✓ npx dependency declared in SKILL.md metadata
✓ All network calls go to official Zhipu API endpoint (open.bigmodel.cn)
✓ No credential exfiltration - keys stay local
✓ Script is straightforward with no obfuscation or base64 encoding
✓ MCP servers use proper HTTP bearer token authentication