modly-image-to-3d

SUSPICIOUS: the core local image-to-3D purpose is coherent, and the documented localhost data flow is consistent with that purpose, but the extension system materially expands trust by installing and executing Python code from user-supplied GitHub repos. That makes the skill higher risk than a normal local AI app even without signs of direct credential theft or exfiltration.