Cloudflare Workers Ai Images
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill appears purpose-aligned for Cloudflare image generation, but it requires a Cloudflare API token and sends prompts/source images to Cloudflare.
Before installing, be sure you are comfortable providing a Cloudflare API token and sending prompts or source images to Cloudflare Workers AI. Use a least-privilege token, do not paste token values into chat or logs, and keep the default temporary-output workflow unless you explicitly want to save files.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can use the Cloudflare account privileges granted to the provided API token, and the token should be treated as a secret.
The skill needs a Cloudflare account ID and API token, and the verification command could display the token if copied into logs or chat.
CF_ACCOUNT_ID: "your_cloudflare_account_id"
CF_API_TOKEN: "your_cloudflare_api_token"
...
docker compose exec openclaw env | grep '^CF_'
Use a least-privilege Cloudflare token limited to Workers AI inference, and verify that the token is set without pasting or exposing its value.
Any prompt text and source image used with this skill are processed by Cloudflare, so sensitive images or private prompt content leave the local environment.
For img2img, the script reads the local source image and sends it, along with the prompt, to Cloudflare Workers AI.
BASE_URL_TEMPLATE = "https://api.cloudflare.com/client/v4/accounts/{account_id}/ai/run/{model}"
...
"image_b64": file_to_base64(args.image)
Only use source images and prompts that you are comfortable sending to Cloudflare, and follow your organization’s data handling rules.
