Maliang Image

This skill appears to do what it says (call nano.djdog.ai to generate/edit images), but exercise caution before installing. Key points to consider: - The skill auto-provisions an API key by calling https://nano.djdog.ai/api/v1/provision and instructs you to save it as MALIANG_API_KEY, yet the registry metadata does not declare that env var — ask the publisher to declare MALIANG_API_KEY as a required/primary credential for clarity. - The skill will upload images you provide (local files or URLs). Do not supply any sensitive local files or URLs you do not want transmitted to an external service. Prefer pasting images explicitly intended to be uploaded. - The SKILL.md claims images are not stored permanently on the server; that is a promise by the third‑party service (nano.djdog.ai) and not enforced by this skill. Verify the service's privacy/security policy before sending private content. - If you are uncomfortable with automatic provisioning, consider provisioning the API key manually on the service and setting MALIANG_API_KEY yourself, or ask for the skill metadata to be updated to declare the env var. - Because source/homepage information is sparse in the registry metadata, verify the trustworthiness of nano.djdog.ai (homepage in SKILL.md) and that HTTPS endpoints are correct. If the publisher updates the skill metadata to explicitly list MALIANG_API_KEY in requires.env/primaryEnv and provides an authoritative privacy/security statement for nano.djdog.ai, this evaluation would likely move to benign. For now, treat it as suspicious and proceed only if you trust the external service and are careful about which images/files you provide.