Scan Report
5 /100
easy-image
Professional image generation assistant for workplace: PPT graphics, marketing posters, product photos, social media content
Pure documentation/template skill with no executable code or malicious behavior - serves as a prompt engineering guide for image generation workflows.
Safe to install
No action needed. This skill is a documentation-only resource with no security concerns.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No filesystem operations - skill is purely text/documentation |
| Network | NONE | NONE | — | No network calls - describes API endpoints but contains no code |
| Shell | NONE | NONE | — | No shell execution capabilities |
| Environment | NONE | NONE | — | No environment variable access |
| Skill Invoke | NONE | NONE | — | No skill invocation chains |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database operations |
1 High 39 findings
High API Key 疑似硬编码凭证
API_KEY="your-api-key-here" references/platforms/google.md:13 Medium External URL 外部 URL
https://api.jiekou.ai/v3/gemini-3.1-flash-image-text-to-image docs/architecture.md:112 Medium External URL 外部 URL
https://api.jiekou.ai docs/architecture.md:241 Medium External URL 外部 URL
https://jiekou.ai/settings/key-management examples/usage-examples.md:53 Medium External URL 外部 URL
https://novita.ai/settings/key-management examples/usage-examples.md:350 Medium External URL 外部 URL
https://console.cloud.google.com/apis/credentials examples/usage-examples.md:403 Medium External URL 外部 URL
https://jiekou.ai/billing examples/usage-examples.md:431 Medium External URL 外部 URL
https://ai.google.dev references/platforms/google.md:4 Medium External URL 外部 URL
https://aistudio.google.com/app/apikey references/platforms/google.md:5 Medium External URL 外部 URL
https://ai.google.dev/gemini-api/docs references/platforms/google.md:6 Medium External URL 外部 URL
https://aistudio.google.com references/platforms/google.md:7 Medium External URL 外部 URL
https://jiekou.ai references/platforms/jiekou.md:4 Medium External URL 外部 URL
https://jiekou.ai/docs references/platforms/jiekou.md:6 Medium External URL 外部 URL
https://api.jiekou.ai/v3/gemini-3-pro-image-text-to-image references/platforms/jiekou.md:85 Medium External URL 外部 URL
https://api.jiekou.ai/v3/gemini-3.1-flash-image-edit references/platforms/jiekou.md:91 Medium External URL 外部 URL
https://novita.ai references/platforms/novita.md:4 Medium External URL 外部 URL
https://docs.novita.ai references/platforms/novita.md:6 Medium External URL 外部 URL
https://api.novita.ai references/platforms/novita.md:19 Medium External URL 外部 URL
https://api.novita.ai/v3/gemini-3.1-flash-image-text-to-image references/platforms/novita.md:38 Medium External URL 外部 URL
https://api.novita.ai/v3/gemini-3-pro-image-text-to-image references/platforms/novita.md:82 Medium External URL 外部 URL
https://api.novita.ai/v3/gemini-3.1-flash-image-edit references/platforms/novita.md:88 Medium External URL 外部 URL
https://openrouter.ai references/platforms/openrouter.md:4 Medium External URL 外部 URL
https://openrouter.ai/settings/keys references/platforms/openrouter.md:5 Medium External URL 外部 URL
https://openrouter.ai/docs references/platforms/openrouter.md:6 Medium External URL 外部 URL
https://openrouter.ai/api/v1 references/platforms/openrouter.md:19 Medium External URL 外部 URL
https://openrouter.ai/api/v1/chat/completions references/platforms/openrouter.md:38 Medium External URL 外部 URL
https://ppio.com references/platforms/ppio.md:4 Medium External URL 外部 URL
https://ppio.com/console references/platforms/ppio.md:5 Medium External URL 外部 URL
https://ppio.com/docs references/platforms/ppio.md:6 Medium External URL 外部 URL
https://api.ppio.com references/platforms/ppio.md:19 Medium External URL 外部 URL
https://api.ppio.com/v3/gemini-3.1-flash-image-text-to-image references/platforms/ppio.md:38 Medium External URL 外部 URL
https://api.ppio.com/v3/gemini-3-pro-image-text-to-image references/platforms/ppio.md:85 Medium External URL 外部 URL
https://api.ppio.com/v3/gemini-3.1-flash-image-edit references/platforms/ppio.md:91 Medium External URL 外部 URL
https://wavespeed.ai references/platforms/wavespeed.md:4 Medium External URL 外部 URL
https://wavespeed.ai/console references/platforms/wavespeed.md:5 Medium External URL 外部 URL
https://wavespeed.ai/docs references/platforms/wavespeed.md:6 Medium External URL 外部 URL
https://api.wavespeed.ai references/platforms/wavespeed.md:19 Medium External URL 外部 URL
https://api.wavespeed.ai/v1/images/generations references/platforms/wavespeed.md:38 Medium External URL 外部 URL
https://api.wavespeed.ai/v1/images/edits references/platforms/wavespeed.md:97 File Tree
27 files · 390.0 KB · 6462 lines Markdown 25f · 6406L
JSON 2f · 56L
├─
▾
config
│ ├─
defaults.json
JSON
│ └─
schema.json
JSON
├─
▾
docs
│ └─
architecture.md
Markdown
├─
▾
examples
│ └─
usage-examples.md
Markdown
├─
▾
references
│ ├─
▾
platforms
│ │ ├─
google.md
Markdown
│ │ ├─
jiekou.md
Markdown
│ │ ├─
novita.md
Markdown
│ │ ├─
openrouter.md
Markdown
│ │ ├─
ppio.md
Markdown
│ │ └─
wavespeed.md
Markdown
│ ├─
▾
templates
│ │ ├─
avatar.md
Markdown
│ │ ├─
badge-id.md
Markdown
│ │ ├─
emoji-sticker.md
Markdown
│ │ ├─
exploded-diagram.md
Markdown
│ │ ├─
flowchart.md
Markdown
│ │ ├─
intro-graphic.md
Markdown
│ │ ├─
marketing-poster.md
Markdown
│ │ ├─
ppt-slides.md
Markdown
│ │ ├─
product-photo.md
Markdown
│ │ ├─
report-illustration.md
Markdown
│ │ ├─
scene-photo.md
Markdown
│ │ ├─
social-media-grid.md
Markdown
│ │ └─
ui-prototype.md
Markdown
│ ├─
glossary.md
Markdown
│ └─
model-selection.md
Markdown
├─
README.md
Markdown
└─
SKILL.md
Markdown
Security Positives
✓ No executable code present - purely documentation and templates
✓ All external URLs point to legitimate AI service documentation (Google, Jiekou, Novita, etc.)
✓ No credential harvesting or exfiltration behavior
✓ No obfuscation or suspicious encoding patterns
✓ No shell commands or subprocess calls
✓ The 'hardcoded API key' is a documentation placeholder (your-api-key-here), not a real credential