← Back to Skills Marketplace
112
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install nova-canvas
Description
Generate images using Amazon Nova Canvas via AWS Bedrock. Supports multiple AWS auth methods: environment variables, credentials file, named profiles, IAM in...
Usage Guidance
This skill appears to do what it says: call AWS Bedrock Nova Canvas and save images. Before installing, consider: (1) provenance — the source is unknown, so review the code yourself or run in an isolated environment; (2) credentials — the script will use AWS credentials (env vars, ~/.aws/credentials, profiles, instance role, or AWS_BEARER_TOKEN_BEDROCK). Do not supply high-privilege or long-lived credentials; create a least-privilege IAM role/policy scoped only to Bedrock (invoke-model) and prefer temporary session tokens. (3) dependency — boto3 may be required for the boto3 path; ensure your environment has it or the script will fail. (4) confirm you trust the bearer token provider if using AWS_BEARER_TOKEN_BEDROCK. If you cannot verify the owner or restrict credentials, run the script in a sandbox or decline installation.
Capability Analysis
Type: OpenClaw Skill
Name: nova-canvas
Version: 1.1.0
The nova-canvas skill is a functional tool for generating images via Amazon Nova Canvas on AWS Bedrock. The script (scripts/generate.py) correctly implements standard AWS authentication methods using boto3 and provides an alternative path for bearer tokens via urllib, all targeting official AWS Bedrock endpoints. No evidence of data exfiltration, malicious execution, or prompt injection was found.
Capability Assessment
Purpose & Capability
Name/description say 'Nova Canvas via AWS Bedrock' and both SKILL.md and generate.py implement calls to Bedrock (boto3 or direct HTTPS with a bearer token). Requiring AWS credentials is appropriate for this purpose. However, the registry metadata lists no required environment variables or primary credential even though the implementation references AWS_BEARER_TOKEN_BEDROCK and standard AWS credential methods (env vars, ~/.aws/credentials, profiles, explicit keys). This mismatch is an omission in metadata (not necessarily malicious) but reduces transparency.
Instruction Scope
SKILL.md and the script limit actions to building a Bedrock text->image request, invoking the model, decoding base64 images, and saving them locally. The instructions do not ask the agent to read arbitrary unrelated files; the only OS/config access is the standard AWS credential chain (env vars, ~/.aws/credentials, instance role) which is required to authenticate to Bedrock. Minor mismatch: SKILL.md lists an auto-detection order that differs slightly from detect_auth_method in the script.
Install Mechanism
There is no install spec (instruction-only), which is low risk for supply-chain downloads. However, the script imports boto3 if using the boto3 path and prints an error if it's missing (suggests pip install boto3). The absence of dependency declaration in metadata is a transparency shortcoming — user must ensure boto3 is installed in the runtime environment.
Credentials
The skill legitimately needs AWS credentials to call Bedrock and the script accepts multiple auth methods (bearer token via AWS_BEARER_TOKEN_BEDROCK, access key/secret, session token, profile, instance role). That is proportional to the task. Concern: the registry metadata does not declare these environment variables or a primary credential, so users may not realize the skill will access local AWS credentials. Also the bearer-token env var name suggests platform-managed tokens; confirm what will supply that token. Use of long-lived high-privilege keys would be risky — the skill itself will send requests only to AWS Bedrock endpoints, but it will have whatever access the provided credentials permit.
Persistence & Privilege
always is false and the skill does not attempt to modify other skills, system-wide settings, or persist new credentials. It only writes output image files to the specified path and uses standard AWS credential resolution; no elevated persistence or privilege escalation is requested.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install nova-canvas - After installation, invoke the skill by name or use
/nova-canvas - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Support 8 AWS auth methods: Bearer token, IAM keys, profiles, credentials file, instance roles, SSO, session tokens, direct keys. Fixed region default to us-east-1.
v1.0.0
Initial release: multi-provider image generation (AWS Bedrock Nova Canvas, OpenAI DALL-E/GPT-Image, Stability AI). Auto-detect credentials.
Metadata
Frequently Asked Questions
What is Nova Canvas?
Generate images using Amazon Nova Canvas via AWS Bedrock. Supports multiple AWS auth methods: environment variables, credentials file, named profiles, IAM in... It is an AI Agent Skill for Claude Code / OpenClaw, with 112 downloads so far.
How do I install Nova Canvas?
Run "/install nova-canvas" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Nova Canvas free?
Yes, Nova Canvas is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Nova Canvas support?
Nova Canvas is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Nova Canvas?
It is built and maintained by Garming (@wujiaming88); the current version is v1.1.0.
More Skills