Trust Assessment
qwen-image received a trust score of 75/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Suspicious import: http.client, Broad TOOLS.md search path for API key, Arbitrary file write via --output argument.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Arbitrary file write via --output argument The `scripts/generate.py` script allows users to specify an output file path using the `--output` command-line argument. This argument is directly used in `with open(output, "wb") as img_file:` without any path sanitization or validation. An attacker can exploit this by providing path traversal sequences (e.g., `../../../etc/passwd`) or absolute paths (e.g., `/tmp/malicious.sh`) to write arbitrary content to any location on the filesystem where the script has write permissions. This can lead to overwriting critical system files, creating malicious executables, or exfiltrating data. Implement strict validation and sanitization for the `--output` argument. Restrict output paths to a designated, secure directory (e.g., the current working directory or a specific output folder). Sanitize the path to remove `../` sequences and disallow absolute paths. Ensure the filename does not contain invalid characters or attempt to create special files. Consider using `pathlib.Path` and `Path.resolve()` with `strict=True` to normalize paths and check if they are within an allowed directory. | LLM | scripts/generate.py:229 | |
| MEDIUM | Suspicious import: http.client Import of 'http.client' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/irron/qwenz-image-gen/scripts/generate.py:13 | |
| MEDIUM | Broad TOOLS.md search path for API key The `get_api_key` function in `scripts/generate.py` attempts to locate `TOOLS.md` in multiple directories, including `Path(__file__).parent.parent.parent.parent` (up to four levels above the script's location) and an absolute path `/home/admin/clawd/TOOLS.md`. While the intent is to find the `DASHSCOPE_API_KEY`, this broad search scope could potentially lead to reading `TOOLS.md` files from unintended locations outside the skill's designated directory, possibly exposing other secrets if such files exist and are not properly secured or scoped. This grants the skill excessive permissions to read files from various parts of the filesystem. Restrict the search paths for `TOOLS.md` to only the skill's own directory or explicitly defined, secure locations. Avoid searching arbitrary parent directories or hardcoded absolute paths that might be outside the skill's control or intended scope. Prefer environment variables or a single, well-defined configuration file path. | LLM | scripts/generate.py:23 |
Scan History
Embed Code
[](https://skillshield.io/report/a66af2bc471186d9)
Powered by SkillShield