Skills
skills/vaayne/cc-plugins/mcp-tokenflux-images/Gen Agent Trust Hub

mcp-tokenflux-images

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides an installation command for the required mh CLI tool by piping a remote shell script directly into sh. This script is hosted on the skill author's GitHub repository (vaayne/mcphub) and serves as a legitimate installation method for the tool.\n
  • Evidence: curl -fsSL https://raw.githubusercontent.com/vaayne/mcphub/main/scripts/install.sh | sh\n- [EXTERNAL_DOWNLOADS]: The documentation references a shell script for installation hosted on raw.githubusercontent.com/vaayne. As this resource is owned and managed by the skill's author, it is considered a vendor-owned resource for the purpose of tool setup.\n
  • Evidence: https://raw.githubusercontent.com/vaayne/mcphub/main/scripts/install.sh\n- [COMMAND_EXECUTION]: The skill utilizes the mh CLI tool to communicate with the TokenFlux API. These commands are clearly defined and used to list AI models, inspect their schemas, and initiate image generation requests.\n
  • Evidence: Examples include mh list, mh inspect, and mh invoke commands used to manage model interactions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 05:45 PM