Safety Report

GLM-Image-Gen

Name: GLM-Image-Gen
Rating: 5 (1 reviews)
Author: jaredforreal

Official skill for generating high-quality images from text prompts using ZhiPu GLM-Image API. Excellent at scientific illustrations, high-quality portraits,...

639Downloads

0Installs

1Stars

5Versions

API Integration11,971 Image Processing4,554 DevOps & Infrastructure2,137 Networking & DNS2,106

Security Analysis

high confidence

Clean0.04 risk

The skill's code, instructions, and required credential (ZHIPU_API_KEY) are coherent with an image-generation client for the stated ZhiPu GLM-Image API — nothing in the package appears to request unrelated secrets, external endpoints, or elevated privileges.

Apr 15, 20262 files1 concern

Purpose & Capabilityok

Name/description match the included Python CLI and the declared required env var (ZHIPU_API_KEY). The script calls the documented GLM-Image endpoint and exposes expected options (model, size, quality, watermark).

Instruction Scopeok

SKILL.md instructs the agent to run the included python script and to display the returned image URL and parameters. The script only reads ZHIPU_API_KEY, the user prompt, optional user_id, and downloads the image URL returned by the official endpoint — it does not attempt to read unrelated files or exfiltrate data to unknown endpoints.

Install Mechanismnote

There is no install spec (instruction-only) which minimizes install risk. The package includes a Python CLI file; SKILL.md shows running 'python scripts/glm_image_cli.py' but the registry metadata did not list a required 'python' binary. This mismatch is minor but worth noting: the runtime requires a Python interpreter to execute the script.

Credentialsok

Only ZHIPU_API_KEY is required and marked as primaryEnv. The key is appropriate for calling the documented BigModel/G LM-Image API; no unrelated secrets or excessive env variables are requested.

Persistence & Privilegeok

The skill does not request always:true, does not modify other skills or system configs, and only runs a one-off CLI when invoked. It does offer an option to save images locally, which is expected for this functionality.

Guidance

This skill is internally consistent and simply calls ZhiPu's GLM-Image API using the ZHIPU_API_KEY. Before installing: (1) ensure you trust the ZhiPu service and are comfortable storing the API key where OpenClaw will access it (shared env or skill-level config affects other ZhiPu skills); (2) confirm your runtime provides Python so the included CLI can run; (3) remember generated image URLs are temporary (30 days) and the script can save images to disk if you use --save; and (4) if you need stronger isolation, place the API key in a skill-scoped config rather than a global env so compromise is limited to this skill.

Latest Release

v1.0.4

- No user-facing changes or file modifications in this version. - Confirmed stability: no updates or new features added.

More by @jaredforreal

GLM-Master-Skill

5 stars

GLM-OCR

2 stars

GLM-V-Caption

1 stars

GLM-V-Grounding

1 stars

GLM-OCR-Formula

1 stars

GLM-OCR-Table

1 stars

Published by @jaredforreal on ClawHub