expysf98

pick your

by EXPYSF98 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Downloads 361
Stars 0
Active Installs 0
Versions 1
Install in OpenClaw
/install pick-your
Description
Generates multi-themed food collages (Burgers, Pizzas, Sushi, Salads, Desserts) with circle-masked images. Use when user asks for a collage of specific food...
Usage Guidance
Do not run or deploy this skill without remediation. Specific steps to consider before installing:
  1. Treat the hard-coded ACCOUNT_ID and TOKEN as sensitive: assume they are valid and could be used to consume or exfiltrate resources; remove the file or the credentials immediately.
  2. Ask the author why generate_image.py is included and why it contains an embedded token; require replacing hard-coded creds with a documented environment variable and minimal-scope credentials.
  3. If the token is yours, rotate/revoke it now.
  4. If you must test, run only make_wings_collage.py in an isolated sandbox and verify it uses local image files (wings_style_collages/...).
  5. Prefer skills with clear provenance (homepage, source repo) and documented external API usage.
  6. Consider deleting or auditing generate_image.py (it runs curl with shell=True and writes to /tmp) before allowing the skill to run in any privileged environment.
Capability Analysis
Type: OpenClaw Skill
Name: pick-your
Version: 1.0.0

The skill contains a significant shell injection vulnerability in `scripts/generate_image.py` where user-provided prompts are unsafely interpolated into a `subprocess.run` call using `shell=True`. Additionally, the same file contains hardcoded Cloudflare API credentials (ACCOUNT_ID and TOKEN). While the skill's stated purpose of generating food collages in `scripts/make_wings_collage.py` appears legitimate, these security flaws allow for potential remote code execution and credential misuse.
Capability Assessment
Purpose & Capability
The SKILL.md and make_wings_collage.py describe generating collages from local images (wings_style_collages/...). However the repository also contains scripts/generate_image.py which calls an external Cloudflare Workers AI endpoint and embeds a hard-coded ACCOUNT_ID and TOKEN. The skill declares no required credentials or network use, so the presence of hard-coded secrets and an external API client is disproportionate and unexplained.
Instruction Scope
SKILL.md instructs running make_wings_collage.py from an absolute workspace path and does not mention generate_image.py or any external network activity. generate_image.py, however, runs a shell curl command (via subprocess.run with shell=True), writes to /tmp, decodes base64 responses to files, and contains hard-coded credentials — behavior outside the stated scope and not documented in SKILL.md.
Install Mechanism
There is no install spec (instruction-only), which is low risk in itself. However the included scripts can be executed directly; generate_image.py executes a shell curl command. No external archives or unusual installers are present.
Credentials
The skill declares no required environment variables or credentials, yet generate_image.py contains a clear hard-coded ACCOUNT_ID and TOKEN (sensitive secrets) embedded in the code. This is disproportionate and risky: credentials should not be hard-coded, and any external API access should be declared and scoped.
Persistence & Privilege
Flags show always:false and user-invocable:true (normal). The skill does not request permanent presence or claim to modify other skills or system-wide settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install pick-your
  3. After installation, invoke the skill by name or use /pick-your
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of the "Pick Your" skill.
- Generates 3x3 food collages with circular-masked images for selected themes.
- Supports customizable titles like "PICK [X] [THEME]" automatically.
- Features curated themes: Gourmet Burgers, Artisan Pizzas, Sushi Rolls, Healthy Salads, and Dessert Delights.
- Includes a script for easy collage generation.
Metadata
Slug pick-your
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is pick your?

Generates multi-themed food collages (Burgers, Pizzas, Sushi, Salads, Desserts) with circle-masked images. Use when user asks for a collage of specific food... It is an AI Agent Skill for Claude Code / OpenClaw, with 361 downloads so far.

How do I install pick your?

Run "/install pick-your" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is pick your free?

Yes, pick your is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does pick your support?

pick your is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created pick your?

It is built and maintained by EXPYSF98 (@expysf98); the current version is v1.0.0.
