Skill v1.0.2
ClawScan security
Filtrix Image Gen · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 11, 2026, 5:43 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to do what it claims (call a Filtrix MCP endpoint to generate/edit images), but the package metadata and runtime instructions disagree about required credentials and the code includes an undocumented env-var fallback and network behavior you should review before installing.
- Guidance: Before installing or using this skill:
  1. Don't set or expose your Filtrix API key globally until you trust the source—the SKILL.md requires FILTRIX_MCP_API_KEY but the registry metadata omits it; verify which env var your deployment will inject.
  2. Note the scripts also accept an undocumented MCP_API_KEY fallback—ask the author to document/fix this.
  3. Running the scripts will send images (including anything you pass via --image-path or --image-url) to https://mcp.filtrix.ai/mcp and will download returned signed URLs; avoid sending sensitive images unless you trust Filtrix.
  4. The package contains plain Python scripts (no install fetches), so inspect them or run them in a sandboxed environment and monitor network/credential usage.
  5. Ask the publisher to correct the registry metadata to declare the required env var (FILTRIX_MCP_API_KEY) and clarify the MCP_API_KEY fallback before trusting the skill.
Review Dimensions
- Purpose & Capability (note): The skill name/description match the included scripts and MCP usage: both generate and edit images via a Filtrix MCP endpoint. However the registry metadata lists no required environment variables or primary credential, while SKILL.md and the scripts clearly require an API key (FILTRIX_MCP_API_KEY). This mismatch is inconsistent and should be corrected.
- Instruction Scope (note): SKILL.md and the scripts limit behavior to calling the Filtrix MCP endpoint and downloading returned images or user-provided image URLs. The scripts read local image files when provided, base64-encode them, send them to the MCP endpoint, and write result images to /tmp (or a user-specified path). The scripts also accept an undocumented fallback env var (MCP_API_KEY). No instructions attempt to read unrelated system files or other credentials, but the acceptance of arbitrary input image URLs means user-provided URLs (and image contents) will be retrieved and transmitted to the remote MCP service—consider privacy implications.
- Install Mechanism (ok): No install spec; code is included as plain Python scripts. This is the lower-risk model (nothing is automatically fetched or executed at install time), but you still run the bundled scripts locally, which will make outbound network calls.
- Credentials (concern): The runtime requires a Filtrix API key (FILTRIX_MCP_API_KEY) but the registry metadata omitted this. The scripts also accept MCP_API_KEY as an undocumented alias. Requesting a single service API key is proportionate for this functionality, but the metadata mismatch and undocumented fallback increase the risk of accidental credential exposure or misconfiguration.
- Persistence & Privilege (ok): The skill is not always-enabled, does not request unusual system privileges, and does not modify other skills or global agent settings. It runs only when invoked and writes output files to user-specified paths (default /tmp).
