model-management
Manages text, image, and video models by adding, updating, or removing them across various providers.
Install this skill
Security score
The model-management skill was audited on Jun 3, 2026 and we found 27 security issues across 4 threat categories, including 3 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
Curl to non-GitHub URL
| 110 | curl -s "http://localhost:8788/v1/chat/completions" \ |
Curl to non-GitHub URL
| 442 | curl -s "http://localhost:8788/v1/chat/completions" \ |
Webhook reference - potential data exfiltration
| 74 | - Dashboard, auth routes, account APIs (Stripe portal, webhook handlers, login) |
Access to hidden dotfiles in home directory
| 559 | The convention on this team is to keep the Pollinations age private key in **macOS Keychain** under service name `sops-age-key` (account = your local `$USER`). If `~/.config/sops/age/keys.txt` exists |
Access to hidden dotfiles in home directory
| 564 | for KF in ~/.config/sops/age/keys.txt ~/Library/Application\ Support/sops/age/keys.txt; do |
Access to .env file
| 100 | # stores the plaintext of secret keys, so a token in _local/.env only works if |
Access to .env file
| 102 | # _local/.env POLLINATIONS_TOKEN_LOCAL (idempotent; re-run after any D1 reset). |
Access to .env file
| 104 | source _local/.env |
Access to .env file
| 109 | source _local/.env |
Access to .env file
| 119 | # 4. `_local/.env` — secrets reference |
Access to .env file
| 124 | source _local/.env |
Access to .env file
| 137 | > **A 401 on `localhost:8788` almost always means the local D1 has no row for your token — run `cd gen.pollinations.ai && npm run seed:local`.** Root cause: gen validates `Bearer` tokens against its O |
Access to .env file
| 143 | Provider/runtime secrets (Azure, OpenAI, OpenRouter API keys, etc.) belong in `gen.pollinations.ai/secrets/{dev,staging,prod}.vars.json` via SOPS — never in `_local/.env`. See §11. |
Access to .env file
| 228 | source _local/.env |
Access to .env file
| 437 | source _local/.env |
Prompting for API key/token input
| 137 | > **A 401 on `localhost:8788` almost always means the local D1 has no row for your token — run `cd gen.pollinations.ai && npm run seed:local`.** Root cause: gen validates `Bearer` tokens against its O |
Access to system keychain/keyring
| 559 | The convention on this team is to keep the Pollinations age private key in **macOS Keychain** under service name `sops-age-key` (account = your local `$USER`). If `~/.config/sops/age/keys.txt` exists |
Access to system keychain/keyring
| 563 | || { echo "Not in keychain — ask the user where their age key lives"; exit 1; } |
Access to system keychain/keyring
| 567 | printf '\n# pollinations (restored from keychain svce=sops-age-key)\n%s\n' "$SOPS_KEY" >> "$KF" |
Access to system keychain/keyring
| 574 | If `-a "$USER"` doesn't match, try without `-a` (`security find-generic-password -s "sops-age-key" -w`) and let keychain pick the only one. Recipients can rotate — read the current expected public key |
External URL reference
| 68 | | `http://localhost:8788` model tests (config, handler, registry, modalities, billing) | gen only | `POLLINATIONS_TOKEN_LOCAL` | staging workspace | |
External URL reference
| 70 | | `https://gen.pollinations.ai` | none | `POLLINATIONS_TOKEN_PROD` | prod workspace | |
External URL reference
| 110 | curl -s "http://localhost:8788/v1/chat/completions" \ |
External URL reference
| 231 | GEN="http://localhost:8788" # or https://gen.pollinations.ai |
External URL reference
| 389 | TB="https://api.europe-west2.gcp.tinybird.co" |
External URL reference
| 442 | curl -s "http://localhost:8788/v1/chat/completions" \ |
External URL reference
| 457 | TB="https://api.europe-west2.gcp.tinybird.co" |