The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill uses npx to download and execute packages from the npm registry.
It installs mcporter, a utility for managing MCP servers.
It installs @z_ai/mcp-server, which is the vision server from Zhipu AI (BigModel). These downloads are necessary for the skill's stated purpose.
[COMMAND_EXECUTION]: The skill executes multiple shell commands to manage local configuration and tools.
It uses mkdir and cat to manage configuration files within the ~/.openclaw/ directory.
It reads local files, including ~/.openclaw/agents/main/agent/auth-profiles.json, to attempt to find existing API keys for the user's convenience.
It uses the mcporter CLI to register and invoke the MCP server tools.
[PROMPT_INJECTION]: The skill has a surface for indirect prompt injection via image processing.
Ingestion points: The skill accepts images from local paths and external URLs through the image_source parameter.
Boundary markers: There are no delimiters or 'ignore' instructions applied to the text extracted or analyzed from the images.
Capability inventory: The skill possesses shell execution capabilities, file system write access in the user home directory, and the ability to interact with external MCP servers.
Sanitization: No sanitization or filtering is performed on the results of OCR or image analysis before they are returned to the agent's context.

glm-understand-image