zhipu-image

Original source / Raw SKILL.md

---
name: zhipu-image
description: Generate images using Zhipu AI's CogView model
allowed-tools: Bash(curl:*) Bash(jq:*)
env:
  - ZHIPU_API_KEY
---

# Zhipu Image Generation

Generate images using Zhipu AI's CogView model.

## ⚠️ Security Requirements

**This skill requires `ZHIPU_API_KEY` environment variable to be set before use.**

### Security Best Practices:

1. **DO NOT store API keys in ~/.bashrc** - keys can be leaked
2. **DO NOT source shell configuration files** - prevents arbitrary code execution
3. **Set environment variable directly** when running the script

## Setup

```bash
export ZHIPU_API_KEY="your_api_key"
```

**Get your API key from:** https://www.bigmodel.cn/usercenter/proj-mgmt/apikeys

## Usage

### Quick Example

```bash
export ZHIPU_API_KEY="your_key"

curl -s -X POST "https://open.bigmodel.cn/api/paas/v4/images/generations" \
  -H "Authorization: Bearer $ZHIPU_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"model": "cogview-4", "prompt": "your description"}'
```

### Using the Script

```bash
export ZHIPU_API_KEY="your_key"
./generate.sh "A beautiful Chinese girl in white dress"
```

## Security Analysis

### ✅ What's Safe:
- No sourcing of ~/.bashrc or shell config files
- Uses jq for JSON escaping (prevents injection)
- Uses HTTPS with TLS 1.2+
- API key via environment variable (not hardcoded)
- Input validation (prompt length limit)
- Generic error messages

### ⚠️ Considerations:
- **Process list visibility**: API key visible in `ps aux`
- Use in trusted environments only

## Safety Features

| Feature | Implementation |
|---------|----------------|
| JSON escaping | jq prevents injection |
| Input validation | Prompt length ≤1000 chars |
| TLS | Force TLS 1.2+ |
| Timeout | 60 second curl timeout |
| Error handling | Generic messages only |

## Model

Uses **CogView-4** model from Zhipu AI.

## API Endpoint

**Official:** `https://open.bigmodel.cn/api/paas/v4/images/generations`


---

## Skill Companion Files

> Additional files collected from the skill directory layout.

### _meta.json

```json
{
  "owner": "honestqiao",
  "slug": "zhipu-cogview-image",
  "displayName": "Skill",
  "latest": {
    "version": "1.0.0",
    "publishedAt": 1771694432808,
    "commit": "https://github.com/openclaw/skills/commit/1746829ad4517dcb116c96af32672c1a9581a7ac"
  },
  "history": []
}

```

### scripts/generate.sh

```bash
#!/bin/bash
# Zhipu Image Generation Script (CogView)
#
# SECURITY: Requires ZHIPU_API_KEY environment variable

set -euo pipefail

if [ -z "${ZHIPU_API_KEY:-}" ]; then
    echo "Error: Required environment variable not set" >&2
    exit 1
fi

if [ $# -lt 1 ] || [ -z "$1" ]; then
    echo "Error: Missing required argument" >&2
    exit 1
fi

KEY="$ZHIPU_API_KEY"
PROMPT="$1"

# Validate prompt length
if [ ${#PROMPT} -gt 1000 ]; then
    echo "Error: Prompt exceeds maximum length" >&2
    exit 1
fi

# Build JSON payload using jq for safe escaping
PROMPT_JSON=$(jq -n --arg p "$PROMPT" '$p')

PAYLOAD=$(jq -n \
    --argjson prompt "$PROMPT_JSON" \
    '{
        model: "cogview-4",
        prompt: $prompt,
        size: "1024x1024",
        quality: "standard"
    }')

# Call Zhipu API
RESULT=$(curl -s --proto =https --tlsv1.2 -m 60 -X POST "https://open.bigmodel.cn/api/paas/v4/images/generations" \
  -H "Authorization: Bearer $KEY" \
  -H "Content-Type: application/json" \
  -d "$PAYLOAD")

# Extract image URL or error
ERROR_MSG=$(echo "$RESULT" | jq -r '.error.message // empty' 2>/dev/null)
if [ -n "$ERROR_MSG" ]; then
    echo "API Error: $ERROR_MSG" >&2
    exit 1
fi

IMAGE_URL=$(echo "$RESULT" | jq -r '.data[0].url // empty' 2>/dev/null)
if [ -n "$IMAGE_URL" ] && [ "$IMAGE_URL" != "null" ]; then
    echo "$IMAGE_URL"
else
    echo "Error: Failed to generate image" >&2
    exit 1
fi

```