← Back to Skills Marketplace
101
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install test-security
Description
AI image generation, editing, and background removal API via Bria.ai — remove backgrounds to get transparent PNGs and cutouts, generate images from text prom...
Usage Guidance
This skill otherwise looks like a standard Bria.ai client, but there are disclosure gaps you should resolve before installing. Specifically:
- The SKILL.md and bria_client.sh expect an API key (BRIA_API_KEY / BRIA_ACCESS_TOKEN) and will read ~/.bria/credentials, but the registry metadata lists no required env vars or config paths — ask the publisher to update metadata to declare these explicitly.
- The helper script uses curl, base64, sed and writes temporary files to /tmp; confirm those binaries are available in the environment where the skill will run and that temporary file usage is acceptable.
- The skill will direct users to external endpoints (engine.prod.bria-api.com and platform.bria.ai/device/verify). Verify those domains are legitimate for your organization and that sending images (or base64-encoded image data) to them complies with your data policies.
- If you plan to install, put the minimum-privilege API key into a secrets manager or dedicated account, not into a broadly accessible account. Test the skill in an isolated environment first, and ask the publisher for a homepage or official source (none is provided) to validate authenticity.
If the publisher can correct metadata to list BRIA_API_KEY/BRIA_ACCESS_TOKEN and the ~/.bria credential path (and document the required local binaries), the skill would be internally coherent; until then proceed cautiously.
Capability Analysis
Type: OpenClaw Skill
Name: test-security
Version: 1.0.0
The skill bundle provides a legitimate integration for the Bria.ai image generation and editing API. It includes a shell-based client (bria_client.sh) that handles authentication via OAuth2 device flow and manages API requests, including base64 encoding of local images for processing. Credentials are stored locally in ~/.bria/credentials, and all network traffic is directed to the official Bria.ai production endpoints (engine.prod.bria-api.com). The instructions in SKILL.md are well-structured for an AI agent and do not contain any malicious prompt injection or unauthorized data exfiltration logic.
Capability Assessment
Purpose & Capability
The skill's name, description, SKILL.md, API reference, and helper script all describe Bria.ai image generation and background removal — that purpose is consistent with the code. However, the registry metadata lists no required environment variables or config paths, yet the SKILL.md and bria_client.sh explicitly read ~/.bria/credentials and expect BRIA_API_KEY/BRIA_ACCESS_TOKEN. The absence of declared credentials/config-path requirements in metadata is an inconsistency.
Instruction Scope
Runtime instructions and the included bash helper explicitly read ~/.bria/credentials, poll auth endpoints, write temporary JSON files to /tmp, and send images (or base64-encoded image data) to engine.prod.bria-api.com. Reading a local credentials file and using an API key is expected for an API integration, but the SKILL.md also instructs the agent how to authenticate (device flow) and to show a single sign-in link — these behaviors expand runtime scope and should be disclosed in metadata.
Install Mechanism
This is an instruction-only skill with no install spec and one helper script. No remote downloads or install-time code execution are present, so install-time risk is low.
Credentials
The skill needs an API key (BRIA_API_KEY / BRIA_ACCESS_TOKEN) and reads ~/.bria/credentials to retrieve it — that is proportionate to calling the Bria API. However, the skill did not declare a primary credential or required env vars/config paths in its registry metadata, which is a disclosure gap. Also, the helper script assumes presence of curl, base64, sed and writes temporary files to /tmp; these runtime expectations are not declared in metadata.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and does not persist configuration beyond creating ~/.bria/credentials during device auth. No elevated persistence or cross-skill modifications observed.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install test-security - After installation, invoke the skill by name or use
/test-security - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of the test-security skill, providing the bria-ai image generation and editing API.
- Enables background removal, image generation from prompts, editing, upscaling, and batch processing through Bria.ai.
- Detailed setup instructions for authentication, access token management, and billing status checking included.
- Commercially safe and royalty-free outputs via 20+ API endpoints tailored for e-commerce, web design, and content creation.
- Comprehensive usage guide and examples for product photography, social media, marketing assets, restoration, and automated pipelines.
Metadata
Frequently Asked Questions
What is Don't download?
AI image generation, editing, and background removal API via Bria.ai — remove backgrounds to get transparent PNGs and cutouts, generate images from text prom... It is an AI Agent Skill for Claude Code / OpenClaw, with 101 downloads so far.
How do I install Don't download?
Run "/install test-security" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Don't download free?
Yes, Don't download is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Don't download support?
Don't download is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Don't download?
It is built and maintained by Levdavid1 (@levdavid1); the current version is v1.0.0.
More Skills