Ima All Ai

What to check before installing: - Confirm origin and owner: metadata and README contain mismatched owner IDs/versions and repo name typos ("imastuido" vs "imastudio"); verify the publisher and source (prefer an official repo/homepage) before trusting keys. - Understand network endpoints: the code contacts api.imastudio.com, imapi.liveme.com, and api.kie.ai and performs presigned uploads to CDN hosts (aliyuncs/esxscloud). If you don't trust those domains, do not provide real API keys. - Provide minimal privileges: if possible use scoped or expendable API keys for KIE_API_KEY and IMA_API_KEY while testing. Avoid using high-privilege production keys until reviewed. - Note local probing & cross-skill reads: the script checks localhost:8787 (callback server) and can optionally read another skill's reference files; ensure you are comfortable with that behavior. - Check undeclared envs: the script may use KIE_CALLBACK_URL and IMA_CONSOLE_LOG_LEVEL even though they were not required in the manifest—review/set them as needed. - Review code locally or run in an isolated environment first: the package is small (Python scripts); inspect the full ima_create.py for any additional endpoints or unexpected behavior, and test with dummy keys. - If you need higher assurance, ask the publisher for an official homepage/repo URL and a reproducible release (signed or on an official GitHub account) and for clarification about metadata mismatches.