glmocr-handwriting
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's behavior is consistent with its stated purpose of providing an interface for handwriting OCR. No malicious patterns, such as prompt injection, obfuscation, or unauthorized data access, were detected.
- [EXTERNAL_DOWNLOADS]: The script connects to the official Zhipu AI endpoint at https://open.bigmodel.cn/api/paas/v4/layout_parsing. This is a well-known service and is necessary for the skill's functionality. The code intentionally avoids custom API URL overrides to prevent key exfiltration.
- [DATA_EXFILTRATION]: The script reads local files or fetches remote URLs provided as arguments to the CLI tool for the purpose of OCR processing. This data is only sent to the official API endpoint. No unauthorized data transmission to untrusted domains was found.
- [COMMAND_EXECUTION]: The skill does not execute arbitrary shell commands or use unsafe dynamic execution functions like eval() or exec().
Audit Metadata