ifly-image-understanding
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill communicates exclusively with the official iFlytek API domain (spark-api.cn-huabei-1.xf-yun.com) using signed requests.
- [SAFE]: Sensitive information such as the App ID, API Key, and Secret is managed through environment variables rather than being hardcoded in the source code.
- [SAFE]: The script uses only Python standard libraries to implement the WebSocket protocol and HMAC signing, removing dependencies on third-party packages and reducing potential supply chain vulnerabilities.
- [SAFE]: File access is strictly limited to reading the user-specified image file for the purpose of base64 encoding and transmission to the API.
Audit Metadata