mcp-tokenflux-images

SUSPICIOUS: the stated purpose is coherent, but the install and execution model is not. A TokenFlux image skill should not require an unpinned raw-GitHub installer for an unrelated CLI and then forward the API key through that tool; this creates significant supply-chain and credential-handling risk despite the official TokenFlux endpoint.