qwen-image-2
Warn
Audited by Socket on Jul 7, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS: the skill's image-generation purpose is plausible, but it depends on installing another skill and routing usage through inference.sh/belt rather than official Alibaba endpoints. The transitive trust chain, third-party credential handling, and gatewayed data flow are disproportionate to the stated purpose.
Confidence: 88%Severity: 78%
Audit Metadata