Is zhangsiyuan123123/image-generate safe?

https://clawhub.ai/zhangsiyuan123123/image-generate

92
SAFE

This is a legitimate image generation skill that uses the Volcano Engine API to create images from text prompts. The code is straightforward, performs only its stated functionality, and shows no signs of malicious behavior or security vulnerabilities.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (3)

LOW Contains executable Python code -10

The skill includes a Python script that executes to generate images, which is expected functionality but represents executable code in the system

INFO Reads environment variables for API keys -5

Script reads MODEL_IMAGE_API_KEY, ARK_API_KEY, VOLCENGINE_ACCESS_KEY, and VOLCENGINE_SECRET_KEY from environment, which is standard practice for API authentication

INFO External API dependency -5

Skill depends on Volcano Engine (ByteDance) external API service for image generation functionality