zhipu

SUSPICIOUS: the skill's stated purpose is coherent, but it depends on a third-party x-cmd wrapper and alias rather than a clearly official Zhipu CLI, and it asks users to place a Zhipu API key into that wrapper. The main concern is install and credential trust, not confirmed malware or clear exfiltration.