ZenMux Image Generation

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill appears purpose-aligned for ZenMux image generation, but users should know it needs a ZenMux API key and uploads prompts and chosen reference images to ZenMux.

This looks safe to install from the provided artifacts if you intend to use ZenMux for image generation. Before using it, provide only a ZenMux API key you trust the skill to use, and do not pass sensitive reference images unless you are comfortable uploading them to ZenMux.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the skill uses your ZenMux account key and may consume quota or paid plan access.

Why it was flagged

The script uses a ZenMux bearer API key. This is purpose-aligned for a ZenMux image-generation client, but the key carries sensitive account authority, and the registry metadata lists no required env vars or primary credential.

Skill content

api_key = os.environ.get("ZENMUX_API_KEY") ... "Authorization": f"Bearer {api_key}"

Recommendation

Use a revocable or limited ZenMux API key if available, set it only for the session or command that needs it, and monitor account usage.

What this means

Prompts and any selected reference images leave the local environment and are processed by ZenMux.

Why it was flagged

When reference images are provided, the script reads them, embeds them in the API request, and sends them with the prompt to the external ZenMux endpoint.

Skill content

parts.append({"inlineData": {"mimeType": mime_type, "data": encoded_string}}) ... response = requests.post(url, headers=headers, json=data)

Recommendation

Avoid using private, sensitive, or regulated images unless you are comfortable sending them to ZenMux under its terms and data-handling practices.