ImageFlare
Security checks across static analysis, malware telemetry, and agentic risk
Overview
ImageFlare is coherent with its stated purpose of Cloudflare-based image generation, but users should be aware that it relies on an external CLI, stores a Cloudflare API token, and sends prompts and images to Cloudflare.
Before installing, verify that the `imageflare` CLI package is the one you intend to trust, create a least-privilege Cloudflare Workers AI token, and avoid using highly sensitive images or prompts unless you are comfortable sending them to Cloudflare.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or running the skill uses code from the external `imageflare` package.
The skill depends on an external pip-installed CLI that is not included in the skill artifact. That is normal for this CLI wrapper, but it means installation trust depends on the external package.
"requires": { "bins": ["imageflare"] }, "install": [{ "kind": "pip", "package": "imageflare" }]
Install only from the expected package/source, review the project homepage if needed, and keep the CLI updated from a trusted channel.
Anyone with access to the token or local config may be able to use the linked Cloudflare Workers AI capability.
The skill requires a Cloudflare API token for Workers AI access. This is purpose-aligned, but API tokens are sensitive account credentials.
API Token | My Profile → API Tokens → Create Token — select the Workers AI template or grant `Workers AI: Read` permission
Use a least-privilege Workers AI token, avoid broader Cloudflare permissions, protect the local config file, and revoke the token if it is exposed.
Prompts and images submitted for generation or editing are processed by Cloudflare's service.
The artifact discloses that requests are sent to Cloudflare Workers AI. For edit workflows, prompts and input/reference images may leave the local machine for processing.
No intermediate servers — requests go directly to the Cloudflare Workers AI API
Do not submit private or sensitive images/prompts unless you are comfortable with Cloudflare processing them under its service terms.
