glmv-caption
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides a standard wrapper for the ZhiPu GLM-V multimodal API. No malicious patterns, obfuscation, or unauthorized access techniques were detected.
- [COMMAND_EXECUTION]: The agent is instructed to execute a local Python script (scripts/glmv_caption.py) to interact with the API. The script performs validation on local file inputs (extension and size) before processing.
- [DATA_EXFILTRATION]: The script reads local image files and transmits the content to open.bigmodel.cn. This behavior is the intended primary purpose of the skill and targets the official endpoint of a well-known AI service provider.
- [CREDENTIALS_UNSAFE]: The skill follows security best practices by instructing users to provide the ZHIPU_API_KEY through environment variables or local .env configuration files, avoiding hardcoded secrets.
Audit Metadata