← Back to Skills Marketplace
135
Downloads
0
Stars
0
Active Installs
8
Versions
Install in OpenClaw
/install picwish-skills
Description
Root routing skill for PicWish (佐糖) image processing capabilities. Routes to: picwish-segmentation, picwish-face-cutout, picwish-upscale, picwish-object-remo...
Usage Guidance
This package appears to do what it says — call PicWish APIs and save results. Before installing or invoking: 1) Provide PICWISH_API_KEY from a trusted source (or keep it only in environment variables if you don't want code reading ~/.openclaw/config.json). 2) Inspect any oc-workspace.mjs you keep at ~/.openclaw/workspace/scripts/ before using the skill — the skill may execute that script to determine output routing. 3) Result URLs returned by the API may contain short-lived auth tokens; treat them as sensitive and avoid pasting them into public places. 4) The skill requires Node ≥18 and will write files to your output directory (cwd/output, visual output under OPENCLAW_HOME, or ~/Downloads fallback); confirm those locations are acceptable. If you want minimal exposure, set PICWISH_API_KEY in the environment and remove or audit oc-workspace.mjs so the skill cannot run unexpected local code.
Capability Analysis
Type: OpenClaw Skill
Name: picwish-skills
Version: 1.0.7
The skill bundle provides a well-structured integration for PicWish image processing APIs. It demonstrates high security awareness by implementing a robust path validation function in `scripts/run_task.mjs` that explicitly blacklists sensitive directories (e.g., .ssh, .aws, .gnupg) and restricts file access to specific image extensions. While the script can execute a local helper (`oc-workspace.mjs`), it includes safeguards to ensure the script resides within the user's home directory and uses `fs.realpathSync` to prevent symlink-based path traversal. The instructions in `SKILL.md` and the dedicated `SECURITY.md` are defensive, explicitly directing the AI agent to ignore prompt injection attempts and protect user credentials.
Capability Assessment
Purpose & Capability
The skill routes to PicWish sub-skills and the packaged Node.js code implements HTTP requests to PicWish endpoints, polling, download, and local output handling. Declared file read/write/exec permissions (reading OpenClaw config, workspace scripts, writing outputs, executing node) are consistent with the described behavior.
Instruction Scope
Runtime instructions limit operations to resolving images, calling PicWish APIs, polling, and saving results. The code may execute a local helper script (~/.openclaw/workspace/scripts/oc-workspace.mjs) if present — this is intentionally user-managed to route outputs. Executing a user-controlled script is expected for workspace integration but is a potential escalation point if an attacker already controls that path; the code includes checks (restricting to OPENCLAW_HOME under the user's homedir and resolving realpath) which reduce risk.
Install Mechanism
There is no network install step or remote code download in the package metadata. The skill is distributed with Node.js source files and a package.json but no install script fetching external artifacts; no high-risk install URLs observed.
Credentials
The only required credential is PICWISH_API_KEY (with optional PICWISH_REGION). The code also respects optional PICWISH_BASE_URL and polling-related env vars (documented). It reads the OpenClaw config to obtain the API key when not provided via env — this is justified by the design and declared in SKILL.md/_meta.json.
Persistence & Privilege
Skill does not request always:true, does not persist itself or modify other skills, and only executes node (declared). It may run a user-managed oc-workspace helper but only under safe path checks. Autonomous invocation is allowed by default (platform normal) and is not combined with other concerning flags.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install picwish-skills - After installation, invoke the skill by name or use
/picwish-skills - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.7
fix: bugs
v1.0.6
fix: bugs
v1.0.5
fix: bugs
v1.0.4
fix: bugs
v1.0.3
fix: bugs
v1.0.2
fix: bugs
v1.0.1
fix: bugs
v1.0.0
Initial release: 11 image processing skills including segmentation, face cutout, upscale, object removal, watermark removal, ID photo, colorize, compress, OCR, smart crop, and clothing segmentation.
Metadata
Frequently Asked Questions
What is Picwish Skills?
Root routing skill for PicWish (佐糖) image processing capabilities. Routes to: picwish-segmentation, picwish-face-cutout, picwish-upscale, picwish-object-remo... It is an AI Agent Skill for Claude Code / OpenClaw, with 135 downloads so far.
How do I install Picwish Skills?
Run "/install picwish-skills" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Picwish Skills free?
Yes, Picwish Skills is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Picwish Skills support?
Picwish Skills is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Picwish Skills?
It is built and maintained by px94 (@px94); the current version is v1.0.7.
More Skills