Don't download
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a purpose-aligned Bria.ai image API skill, but it uses a Bria credential and sends selected images/prompts to Bria, so users should verify the publisher and avoid sensitive images.
Use this skill only if you intend to use Bria.ai for image processing. Verify the publisher because the source is unknown, use a revocable Bria API key, and avoid sending confidential or private images unless you accept Bria's data handling terms.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users could assume this is an official Bria skill when the supplied registry metadata does not prove that.
The registry provenance and naming are not clearly tied to an official Bria.ai distribution, even though the skill handles Bria API credentials.
Source: unknown; Name: Don't download; Slug: gal-test; Version: 1.0.0
Verify the publisher/source before installing and use a revocable Bria API key.
The agent can use your Bria account and quota when performing requested image operations.
The helper reads a local Bria credential file and sends the API token in Bria API requests, which is expected for this integration but is still account access.
BRIA_API_KEY is auto-loaded from ~/.bria/credentials if not already set ... BRIA_API_KEY=$(grep '^api_token=' "$HOME/.bria/credentials" | cut -d= -f2-) ... -H "api_token: $BRIA_API_KEY"
Use a dedicated, revocable API key and remove or review ~/.bria/credentials if you do not want the skill to auto-load credentials.
Images, image URLs, and prompts you choose to process may leave your machine and be handled by Bria.ai.
Local image files can be base64-encoded and posted to the external Bria API endpoint for processing.
BRIA_API_BASE="${BRIA_API_BASE:-https://engine.prod.bria-api.com}" ... base64 < "$image" | tr -d '\n' >> "$payload" ... curl ... "${BRIA_API_BASE}${endpoint}" ... -d @"$payload"Only process images you are comfortable sending to Bria, and keep BRIA_API_BASE pointed at the official Bria endpoint unless you intentionally use a trusted alternative.