← Back to Skills Marketplace
965
Downloads
0
Stars
10
Active Installs
1
Versions
Install in OpenClaw
/install pollinations-image
Description
Generate detailed images from text prompts using Pollinations.ai models with optional configuration, model selection, and advanced settings.
Usage Guidance
This skill appears to implement a Pollinations image generator and is readable, but exercise caution before installing: 1) The scripts load .env files from the skill parent directory and the current working directory — move or audit any .env files that contain secrets so unrelated credentials aren't picked up. 2) The env loader uses eval to probe variables; untrusted .env contents could be risky—inspect .env files before running. 3) The scripts assume common CLI tools (curl, file, stat/realpath, sed, grep; python3 optional) but the metadata didn't declare these—ensure your environment provides them. 4) If you want to limit exposure, run the skill in an isolated directory or container, and don't keep sensitive keys in parent or current-directory .env files. Reviewing the provided generate.sh and lib/models.sh (they are included) is a good first step; if you need lower risk, ask the maintainer to remove loading of ../.env and $PWD/.env or to explicitly document required binaries and environment behavior.
Capability Analysis
Type: OpenClaw Skill
Name: pollinations-image
Version: 1.0.0
The `generate.sh` script is classified as suspicious primarily due to its use of `eval` to execute the `curl` command for image generation. While attempts are made to sanitize inputs (e.g., URL encoding prompts, using `basename` for filenames), `eval` is a high-risk primitive that introduces a shell injection vulnerability if any part of the command string is not perfectly escaped or controlled. Additionally, the script attempts to load environment variables from `"$SCRIPT_DIR/../.env"`, which could inadvertently load an `.env` file from an unexpected parent directory, leading to unintended configuration or credential exposure. These are significant vulnerabilities, not clear malicious intent.
Capability Assessment
Purpose & Capability
Name/description match the included scripts: the code implements an image generator targeting Pollinations.ai. However the metadata declared no required binaries while the scripts clearly depend on common CLI tools (curl, file, stat/realpath, date, grep, sed, possibly python3). That mismatch is not dangerous on its own but is a coordination inconsistency the user should be aware of.
Instruction Scope
SKILL.md instructs local use and an optional .env in the skill dir, but generate.sh reads environment files from SCRIPT_DIR/../.env and from $PWD/.env (broader than the documentation). The loader exports every key/value it finds and uses eval to check whether a variable is already set. Loading and eval-ing arbitrary .env content can pick up unrelated secrets from parent/current directories and creates risk of accidental variable exposure or injection if those files are untrusted.
Install Mechanism
No install spec is present (instruction-only + shell scripts). No remote downloads or archive extraction occur. This is low risk compared to skills that fetch and run arbitrary code.
Credentials
Declared requirements list no credentials, which matches API key being optional. But the script will load and export any key=value pairs found in ../.env and $PWD/.env — potentially pulling unrelated secrets into the process. It also will send POLLINATIONS_API_KEY as a Bearer header if present. Requesting no env variables is reasonable for an optional key, but the implicit reading of other .env files is disproportionate to the stated purpose.
Persistence & Privilege
The skill creates and writes its own files (.user.conf, .first-run-complete) and writes generated images to $HOME/.openclaw/workspace/outputs/pollinations-image. This is normal for a CLI tool and not over-privileged, but the hard-coded OUTPUT_DIR under $HOME/.openclaw is a persistent path you may want to review or change.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install pollinations-image - After installation, invoke the skill by name or use
/pollinations-image - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of the Pollinations Image Generation Skill.
- Generate images easily from the command line using Pollinations.ai.
- Supports model switching, persistent user configuration, and model comparison by quality, speed, and cost.
- Offers 5,000 free images per month via pollen grants.
- Modular and extensible design with simple setup and clear documentation.
- Includes scripts and examples for generating images, configuring defaults, and adding new models.
Metadata
Frequently Asked Questions
What is Pollinations Image Generator?
Generate detailed images from text prompts using Pollinations.ai models with optional configuration, model selection, and advanced settings. It is an AI Agent Skill for Claude Code / OpenClaw, with 965 downloads so far.
How do I install Pollinations Image Generator?
Run "/install pollinations-image" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Pollinations Image Generator free?
Yes, Pollinations Image Generator is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Pollinations Image Generator support?
Pollinations Image Generator is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Pollinations Image Generator?
It is built and maintained by Aprilox (@aprilox); the current version is v1.0.0.
More Skills