← Back to Skills Marketplace
252
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install zhy-article-illustrator
Description
Use when illustrating a Markdown article with high-finish editorial visuals, visual-bible planning, structured prompts, optional Qiniu upload, and inserted i...
Usage Guidance
Key things to consider before installing or running:
- Metadata omission: the registry entry says "no required env vars" but the scripts expect many API keys (IMAGE_*, GEMINI_API_KEY/GOOGLE_API_KEY, OPENAI_API_KEY) and optional QINIU_* credentials. Do not supply any secrets until you confirm which provider and endpoint you intend to use.
- Default third‑party endpoint: the code includes a non-official default image base URL (https://vip.123everything.com/v1beta). If you do not explicitly set IMAGE_BASE_URL/XIAOMI_BASE_URL or provider to an official endpoint, the skill may contact that host. If you plan to use this skill, set image provider and base URL to your trusted provider (official Gemini/OpenAI/Xiaomi endpoints) and verify the endpoint before supplying API keys.
- .env and config reading: the scripts will read a .env in the skill run directory and will search upward for .zhy-illustrator.yml (it walks parent directories). Ensure no sensitive credentials or private config files are in parent directories you don't expect the skill to read.
- Qiniu upload: uploading images requires QINIU_ACCESS_KEY / QINIU_SECRET_KEY etc. Only provide these if you intend to use upload and you trust the run environment. The upload code uses standard HMAC signing logic; still treat these values as sensitive.
- Run in a controlled environment first: test with a throwaway article and with no API keys (or with keys restricted to test accounts) to observe outbound requests. Prefer running inside an isolated/sandboxed environment if you will provide real API keys.
- If you need to trust this skill: inspect and optionally edit the code to remove or change the default base URL, and explicitly add required env vars to the skill metadata before granting access.
I have medium confidence in this assessment because the code is readable and not obfuscated, but some runtime behavior depends on environment configuration (which affects risk) and the presence of the non-official default endpoint makes the intent ambiguous. Additional confirmation (author identity, repository source, and intended default endpoints) would increase confidence.
Capability Analysis
Type: OpenClaw Skill
Name: zhy-article-illustrator
Version: 0.1.0
The skill bundle is a legitimate and well-structured tool designed to automate the illustration of Markdown articles using AI image generators (Gemini, OpenAI) and Qiniu Cloud for image hosting. It includes scripts for article analysis, visual style planning (visual-bible), structured prompt generation, and automated uploading. While the code contains a hardcoded default API relay URL (vip.123everything.com) for the 'Xiaomi' provider, this is documented as a functional requirement for that specific service and does not appear to be an intentional exfiltration backdoor. The scripts handle sensitive API keys from environment variables in a standard manner, and no evidence of malicious intent, prompt injection, or unauthorized data access was found across the files (SKILL.md, illustrate-article.ts, image-gen.ts, etc.).
Capability Assessment
Purpose & Capability
The skill claims to illustrate Markdown articles and optionally upload to Qiniu, and the included scripts implement that pipeline. However the published metadata declares no required environment variables or credentials while the scripts clearly expect many sensitive keys (IMAGE_* / GEMINI_API_KEY / OPENAI_API_KEY / QINIU_* etc.). That mismatch (no required env in registry vs many env reads in code) is incoherent and surprising to a user installing the skill.
Instruction Scope
SKILL.md and the scripts instruct the agent to read the article file, read a local .env, and optionally read/merge a .zhy-illustrator.yml found by searching up the directory tree. The planner will traverse parent directories to find that config file (potentially reading a file outside the article folder). The runtime will spawn local scripts and perform network calls to configured API endpoints. These behaviors are within the skill's declared purpose but the documentation/metadata do not fully enumerate the file reads and env access, which broadens its scope unexpectedly.
Install Mechanism
No install spec (instruction-only) which limits disk changes to the skill files themselves. That is lower risk. However the code contains a baked-in default image API base URL (https://vip.123everything.com/v1beta) used when no base URL is provided; that is a non-standard third-party endpoint and should be treated as a potentially unexpected remote target.
Credentials
The skill metadata lists no required env vars, but the scripts read many sensitive environment variables (IMAGE_PROVIDER, IMAGE_API_KEY, XIAOMI_API_KEY, GEMINI_API_KEY / GOOGLE_API_KEY, OPENAI_API_KEY, and QINIU_ACCESS_KEY / QINIU_SECRET_KEY / QINIU_BUCKET / QINIU_DOMAIN). Requesting Qiniu keys and multiple image-provider API keys is reasonable for optional upload and multi-provider support, but the metadata omission and the number of credential types are disproportionate to what the registry entry communicated and should be explicitly declared before installation.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It runs local scripts (child processes) and writes files under illustrations/<slug>/ and article.illustrated.md. Autonomous invocation is allowed (platform default) — combine that with the environment/endpoint concerns when granting runtime permission.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install zhy-article-illustrator - After installation, invoke the skill by name or use
/zhy-article-illustrator - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
zhy-article-illustrator v1.2.0
- Adds automated, high-finish editorial illustrations for Markdown articles, including visual bible planning and structured prompts.
- Supports configurable illustration density, aspect ratio, image provider/model, and Qiniu CDN upload with reference replacement.
- Generates detailed outline, visual bible, prompts, and integrates image references into an article copy.
- Workflow covers article analysis, planning, image generation (Gemini/Xiaomi-compatible), optional uploading, and error handling.
- Output includes paths for all generated assets, image statistics, and uploaded CDN URLs.
Metadata
Frequently Asked Questions
What is Zhy Article Illustrator?
Use when illustrating a Markdown article with high-finish editorial visuals, visual-bible planning, structured prompts, optional Qiniu upload, and inserted i... It is an AI Agent Skill for Claude Code / OpenClaw, with 252 downloads so far.
How do I install Zhy Article Illustrator?
Run "/install zhy-article-illustrator" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Zhy Article Illustrator free?
Yes, Zhy Article Illustrator is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Zhy Article Illustrator support?
Zhy Article Illustrator is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Zhy Article Illustrator?
It is built and maintained by zhy (@zhylq); the current version is v0.1.0.
More Skills