ZenMux Image Generation
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill uses your ZenMux account key and may consume quota or paid plan access.
The script uses a ZenMux bearer API key. This is purpose-aligned for a ZenMux image-generation client, but it is sensitive account authority and the registry metadata lists no required env vars or primary credential.
api_key = os.environ.get("ZENMUX_API_KEY") ... "Authorization": f"Bearer {api_key}"
Use a revocable or limited ZenMux API key if available, set it only for the session or command that needs it, and monitor account usage.
Prompts and any selected reference images leave the local environment and are processed by ZenMux.
When reference images are provided, the script reads them, embeds them in the API request, and sends them with the prompt to the external ZenMux endpoint.
parts.append({"inlineData": {"mimeType": mime_type, "data": encoded_string}}) ... response = requests.post(url, headers=headers, json=data)
Avoid using private, sensitive, or regulated images unless you are comfortable sending them to ZenMux under its terms and data-handling practices.
