qwen-image-2-pro
Warn
Audited by Socket on Jul 7, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS: The stated purpose matches the capability, but the skill is not self-contained and requires transitive installation of another skill plus an external CLI login. The main concern is install/execution trust and credential forwarding through inference.sh/belt rather than direct use of an official Alibaba API. No clear malware indicators are present, but the dependency chain and external auth flow make this higher-risk than a typical documentation-only skill.
Confidence: 81%Severity: 78%
Audit Metadata