Is mexicanamerican/xai-image-gen safe?

https://github.com/openclaw/skills/tree/main/skills/mexicanamerican/xai-image-gen

92
SAFE

This is a legitimate image generation skill using xAI's official API with proper documentation and standard dependencies. Minor concerns around system file access during installation appear to be benign system operations rather than malicious behavior.

Category Scores

Prompt Injection 98/100 · 30%
Data Exfiltration 88/100 · 25%
Code Execution 96/100 · 20%
Clone Behavior 98/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (2)

LOW System file access during installation -12

Monitoring detected access to sensitive system files including .env, SSH keys, AWS credentials, and Docker config. However, these appear to be system-level operations during SSH connections and sudo commands rather than skill-initiated access.

INFO Executable test script present -4

The skill includes a test.sh script with execute permissions. Review shows it contains legitimate testing functionality that checks API connectivity and cleans up test files.