Is cluka-399/gemini-image-simple safe?

https://github.com/openclaw/skills/tree/main/skills/cluka-399/gemini-image-simple

Overall score: 94/100 (SAFE)

This skill provides legitimate image generation functionality using Google's Gemini API with clean, straightforward Python code that uses only standard library modules. While monitoring detected some sensitive file access during the audit period, this appears to be related to SSH authentication rather than the skill itself.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (4)

INFO Environment Variable Access -10

Script accesses GEMINI_API_KEY environment variable as expected for API authentication

LOW Sensitive File Access During Audit -5

Monitoring detected access to credential files (.env, SSH keys, AWS credentials, etc.) during the audit period, but this appears to come from SSH authentication rather than from the skill itself

INFO Python Script Execution -10

Contains executable Python script for image generation functionality using only standard library modules

INFO API Integration -5

Makes HTTP requests to Google's Gemini API for legitimate image generation functionality