扫描报告
5 /100
oatda-generate-image
Generate images from text descriptions using AI models through OATDA's unified API
Legitimate OATDA image generation API wrapper with fully declared capabilities and no malicious behavior detected.
可以安装
Approve for use. The skill is a straightforward API client with no hidden functionality or suspicious patterns.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md - bash commands using curl and jq for API calls |
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md - curl to https://oatda.com/api/v1/llm/* endpoints |
| 文件系统 | READ | READ | ✓ 一致 | SKILL.md - reads ~/.oatda/credentials.json for API key fallback |
| 环境变量 | READ | READ | ✓ 一致 | SKILL.md - reads OATDA_API_KEY environment variable |
6 项发现
中危 外部 URL 外部 URL
https://oatda.com SKILL.md:4 中危 外部 URL 外部 URL
https://oatda.com/api/v1/llm/models?type=image SKILL.md:54 中危 外部 URL 外部 URL
https://oatda.com/api/v1/llm/generate-image SKILL.md:66 中危 外部 URL 外部 URL
https://cdn.example.com/generated-image.png SKILL.md:105 中危 外部 URL 外部 URL
https://cdn.example.com/image-1.png SKILL.md:107 中危 外部 URL 外部 URL
https://cdn.example.com/image-2.png SKILL.md:108 目录结构
1 文件 · 7.0 KB · 185 行 Markdown 1f · 185L
└─
SKILL.md
Markdown
安全亮点
✓ No executable code present - only documentation file
✓ All shell commands are fully declared in documentation
✓ API calls restricted to single trusted endpoint (oatda.com)
✓ API key properly masked (only first 8 chars shown)
✓ No credential exfiltration - keys stay local
✓ No base64, eval, or dynamic code execution
✓ No suspicious network connections or IP addresses
✓ No hidden HTML comments or steganographic content
✓ No remote script execution (curl|bash pattern absent)
✓ No iteration over environment variables for credential harvesting
✓ Dependencies (curl, jq) are declared and standard