
Cloudflare Image Generation

by EXPYSF98 · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Downloads: 1223 · Stars: 0 · Active Installs: 7 · Versions: 1
Install in OpenClaw
/install cloudflare-image-gen
Description
Generate images using Cloudflare Workers AI flux-1-schnell model. Use when user requests image generation with text-to-image using Cloudflare Workers API.
README (SKILL.md)

Cloudflare Image Generation

This skill generates images using Cloudflare Workers AI @cf/black-forest-labs/flux-1-schnell model.

Credentials

  • Account ID: 1e89d3ce76cbfef3b5c340e3984b7a52
  • Token: aCTA2KaKa1n3ayFDL-LPmZ-JgUC0HHgA5Msy18Bk
  • Model: @cf/black-forest-labs/flux-1-schnell

Usage

Run the script directly:

```bash
python3 /home/ubuntu/.openclaw/workspace/skills/cloudflare-image-gen/scripts/generate_image.py "your prompt here" -o output.png
```

Or use the Python function:

```python
import sys
sys.path.insert(0, '/home/ubuntu/.openclaw/workspace/skills/cloudflare-image-gen/scripts')
from generate_image import generate_image

output_path = generate_image("a black horse")
```

Output

The script saves the generated image as PNG and returns the file path. Send the image to the user via Telegram.

Usage Guidance
Do not install or run this skill as-is. It embeds a Cloudflare bearer token and account ID in SKILL.md and the script; credentials should never be hard-coded in shared skills. If you are the owner and intend to use this skill safely:

  1. Remove the embedded token and require users to supply their own credentials via environment variables or a secure secrets mechanism.
  2. Replace shell-based curl with a safe HTTP call (e.g., Python requests or subprocess.run with a list of arguments) to avoid shell injection risks from untrusted prompts.
  3. Avoid instructing the agent to send images via Telegram unless the skill declares and uses Telegram credentials securely.
  4. If the included token might be real, assume it is compromised and rotate/revoke it immediately.

If you need help making these fixes, request a version that uses environment variables for credentials and safe HTTP calls.
Capability Analysis
Type: OpenClaw Skill
Name: cloudflare-image-gen
Version: 1.0.0

The skill is classified as suspicious due to a critical shell injection vulnerability in `scripts/generate_image.py`. The `subprocess.run(cmd, shell=True)` call embeds user-controlled input (`prompt`) directly into a `curl` command string without proper sanitization, allowing an attacker to execute arbitrary shell commands. Additionally, a Cloudflare API token (`aCTA2KaKa1n3ayFDL-LPmZ-JgUC0HHgA5Msy18Bk`) is hardcoded in both `SKILL.md` and `scripts/generate_image.py`, posing a credential exposure risk.
Capability Assessment
Purpose & Capability
The name/description (Cloudflare image generation) match the included script which calls Cloudflare's AI endpoint; functionality is coherent. However, instead of asking the user to provide their own Cloudflare credentials, the skill contains hard-coded Account ID and Token in SKILL.md and the script, which is unexpected for a shared skill.
Instruction Scope
Runtime instructions reference absolute paths under /home/ubuntu/.openclaw and explicitly instruct sending the result via Telegram even though no Telegram credentials or integration are declared. The script writes API responses to /tmp/cf_response.json and uses hardcoded credentials — these broaden the scope beyond a minimal image-generation helper.
Install Mechanism
No install spec (instruction-only + a small script). Nothing is downloaded or installed by the skill itself.
Credentials
No required env vars are declared, yet a bearer token and account ID are embedded in both SKILL.md and the script. Publishing credentials inside the skill is disproportionate and risky — anyone with the skill can use that token. The skill also instructs sending images via Telegram without declaring or requesting Telegram credentials.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system settings, and does not request elevated or persistent platform privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install cloudflare-image-gen
  3. After installation, invoke the skill by name or use /cloudflare-image-gen
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Cloudflare-image-gen 1.0.0 initial release:

  • Added support for generating images using Cloudflare Workers AI flux-1-schnell model via API.
  • Provided command line and Python function usage for image generation from text prompts.
  • Images are saved as PNGs, with output file path returned for further use.
  • Instructions included for integrating image output with Telegram.
Metadata
Slug cloudflare-image-gen
Version 1.0.0
License
All-time Installs 7
Active Installs 7
Total Versions 1
Frequently Asked Questions

What is Cloudflare Image Generation?

Generate images using Cloudflare Workers AI flux-1-schnell model. Use when user requests image generation with text-to-image using Cloudflare Workers API. It is an AI Agent Skill for Claude Code / OpenClaw, with 1223 downloads so far.

How do I install Cloudflare Image Generation?

Run "/install cloudflare-image-gen" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Cloudflare Image Generation free?

Yes, Cloudflare Image Generation is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Cloudflare Image Generation support?

Cloudflare Image Generation is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Cloudflare Image Generation?

It is built and maintained by EXPYSF98 (@expysf98); the current version is v1.0.0.
