Cloudflare Image Generation
Status: Warn. Audited by ClawScan on May 10, 2026.
Overview
The image-generation purpose is coherent, but the skill embeds a Cloudflare bearer token and executes a shell command built from the user's prompt.
Do not install this as-is unless the Cloudflare token has been removed or rotated and the shell command construction has been fixed. Use your own scoped Cloudflare credential through a secure configuration path, and avoid passing sensitive text in image prompts because prompts are sent to Cloudflare.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who installs or can read the skill can use or leak the Cloudflare credential, and the token scope is not bounded in the artifacts.
The skill embeds a reusable Cloudflare account ID and bearer token directly in the source and uses it for API authorization, rather than requiring a user-provided scoped credential.
ACCOUNT_ID = "1e89..."; TOKEN = "aCTA2Ka..."; -H "Authorization: Bearer {TOKEN}"
Remove the hardcoded token, rotate it, and require users to provide their own minimally scoped Cloudflare API token through a declared environment variable or secure credential mechanism.
A malicious or accidental prompt could cause the agent environment to run commands beyond image generation.
The user-controlled prompt is interpolated into a shell command that is executed with shell=True; a prompt containing shell-breaking characters could execute unintended local commands.
cmd = f'''curl ... -d '{json.dumps({"prompt": prompt})}' > /tmp/cf_response.json'''; subprocess.run(cmd, shell=True)
Call the Cloudflare API without a shell, for example using Python requests or subprocess.run with an argument list, and pass JSON data without manual shell quoting.
The skill may fail or behave differently depending on whether curl is available in the local environment.
The metadata says no binaries are required, while the included script invokes curl at runtime; this is an undeclared runtime dependency rather than direct malicious behavior.
Required binaries (all must exist): none
Declare curl as a required binary or replace it with a standard Python HTTP library so the runtime requirements are clear.
