← Back to Skills Marketplace
suhe
by
Hongwei Zhao
· GitHub ↗
· v1.2.0
· MIT-0
88
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install suhe
Description
Edit suhe's reference image with Tongyi Wanxiang (通义万相) and send selfies to messaging channels via OpenClaw
Usage Guidance
Before installing or running this skill: 1) Review and understand the installer (bin/cli.js) — it will copy many files into ~/.openclaw and create persistent skills/workspace files. 2) Verify which environment variables you will need and where they are declared. The registry metadata says none are required, but the skill requires DASHSCOPE_API_KEY and OPENCLAW_GATEWAY_TOKEN and examples use Aliyun OSS credentials (ALIYUN_ACCESS_KEY_ID / ALIYUN_ACCESS_KEY_SECRET) which are sensitive. Only provide keys you control and understand. 3) Confirm ownership/trust of pic.lilozkzy.top — the skill uses that domain for reference images and 'friendly' links; ensure your images are not being hosted or routed through a third party you don't trust. 4) Check local gateway port configuration used by your OpenClaw runtime (the skill references multiple ports); adapt scripts to your environment. 5) Consider running the installer and scripts in a sandbox or review and edit the scripts (especially the upload and gateway URLs) before executing. 6) If you need to limit exposure, prefer configuring uploads to a bucket you control and ensure CNAME/URL behavior is as you expect. If you are uncertain, do not provide your OSS keys or run the installer until you can inspect and modify the code.
Capability Analysis
Type: OpenClaw Skill
Name: suhe
Version: 1.2.0
The bundle is a comprehensive AI agent persona and skill template for 'Suhe,' a fictional character. It provides legitimate functionality for generating AI images using Alibaba's Tongyi Wanxiang API and distributing them via the OpenClaw gateway. The code in 'bin/cli.js' and 'scripts/suhe-selfie.sh' is transparent, well-documented, and lacks any indicators of data exfiltration, obfuscation, or unauthorized execution. Notably, the bundle includes a 'SAFETY.md' file that explicitly instructs the agent to avoid exfiltrating private data and requires user confirmation for high-risk operations, demonstrating a strong alignment with secure agent behavior.
Capability Assessment
Purpose & Capability
Skill purpose (edit a fixed reference image via Alibaba DashScope/Tongyi Wanxiang and send via OpenClaw) matches the code and scripts. However the package metadata declared no required environment variables while the SKILL.md and multiple scripts require DASHSCOPE_API_KEY and OPENCLAW_GATEWAY_TOKEN, and additional Aliyun OSS credentials are used in example upload steps but not declared in metadata—this mismatch is unexpected and unclear.
Instruction Scope
Runtime instructions and scripts do more than 'call DashScope and send via OpenClaw': they download generated images, upload them to OSS (using ali-oss and environment variables such as ALIYUN_ACCESS_KEY_ID/ALIYUN_ACCESS_KEY_SECRET), and print or return a friendly link under http://pic.lilozkzy.top. The skill also references multiple local gateway endpoints/ports inconsistently (localhost:18789, localhost:3000) and instructs copying and writing many files into ~/.openclaw. These extra actions (upload to OSS, producing friendly links on an external domain) expand scope and require sensitive credentials and trust in external domains.
Install Mechanism
No explicit install spec in registry, but the bundled bin/cli.js is an installer that copies workspace and skill files into the user's ~/.openclaw directory (writing many files into the home folder). That is functional for a template installer but is invasive compared with an instruction-only skill and should be run only after review. No remote downloads from untrusted URLs are performed by installer, but the installer will place scripts that call external services.
Credentials
SKILL.md and scripts require DASHSCOPE_API_KEY and OPENCLAW_GATEWAY_TOKEN (reasonable for image generation and sending). However scripts and instructions also reference Aliyun OSS credentials (ALIYUN_ACCESS_KEY_ID, ALIYUN_ACCESS_KEY_SECRET, ALIYUN_OSS_BUCKET, etc.) and expect an oss-uploader skill or ali-oss usage — these are not declared in the registry metadata. The skill will therefore ask for/need additional sensitive credentials beyond what the registry lists. It also references a custom domain (pic.lilozkzy.top) as the canonical output location, which implies either ownership or an expectation about the user's OSS/cname configuration that is not explained.
Persistence & Privilege
always:false (good). The installer (bin/cli.js) writes files into ~/.openclaw (workspace, skill, docs) which is normal for installing an agent template but is persistent on disk. The skill does not request 'always: true' nor does it claim to change other skills' configs; still, installing will create persistent files and scripts that can be executed later by the agent.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install suhe - After installation, invoke the skill by name or use
/suhe - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.0
苏禾中国女友
Metadata
Frequently Asked Questions
What is suhe?
Edit suhe's reference image with Tongyi Wanxiang (通义万相) and send selfies to messaging channels via OpenClaw. It is an AI Agent Skill for Claude Code / OpenClaw, with 88 downloads so far.
How do I install suhe?
Run "/install suhe" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is suhe free?
Yes, suhe is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does suhe support?
suhe is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created suhe?
It is built and maintained by Hongwei Zhao (@lilozhao); the current version is v1.2.0.
More Skills