qwen-image-2

SUSPICIOUS. The image-generation purpose is coherent, but the operational footprint is wider than necessary: it requires installing another skill, depends on a third-party CLI/platform, and routes user data through inference.sh while presenting itself as an Alibaba/Qwen skill. Main concerns are transitive trust, intermediary data flow, and unclear installer provenance rather than confirmed malware.