qwen-image

Fail

Audited by Socket on Mar 7, 2026

1 alert found:

Malware (HIGH)
SKILL.md

The skill aligns with its stated purpose of generating and editing images via Alibaba Qwen-Image-2.0 using the inference.sh CLI. However, the installation and execution pattern relies on downloading an unverifiable external binary from a non-official registry and executing it on the host, which is a legitimate supply-chain risk. There is potential data exposure through prompts, reference images, and generated outputs if processing occurs on external servers. Token handling and token storage visibility are unclear for the login step. Overall, the footprint is suspicious and warrants heightened scrutiny and, at minimum, safer distribution via official registries and verifiable checksums before deeming it benign.

Confidence: 62%
Severity: 72%

Audit Metadata
Analyzed At: Mar 7, 2026, 12:03 PM
Package URL: pkg:socket/skills-sh/inference-sh%2Fskills%2Fqwen-image%2F@08d05d185c39291b85b11f541a80154d78cc4d00