← Back to Skills Marketplace

Sih.AI Photo Changer

Name: Sih.AI Photo Changer
Author: a3273283

by a3273283 · GitHub ↗ · v1.0.3 · MIT-0

cross-platform ⚠ suspicious

281

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install sih-ai-photo-changer

Description

AI图片生成与编辑工具，使用Sih.AI API进行自然语言驱动的图片处理。支持换装、换背景、换脸、风格转换（动漫/粘土/油画等）、美颜修图等功能。当用户需要通过自然语言描述来编辑图片（如"把衣服换成bikini"、"背景换成海边"、"转换成动漫风格"）时使用此skill。

Usage Guidance

This skill will upload images (including local files you point it at) to a third-party service using an API key embedded in the script. Consider the following before installing or running it: - Do not run the script with sensitive or private images until you confirm where data is sent and who controls the API account. The embedded key means images will be processed under someone else's account. - Ask the maintainer to remove the hard-coded API token and require users to provide their own key (e.g., via an environment variable). Preferably, the SKILL.md should document the exact API host and data handling/privacy behavior. - If you already ran the script with your images, assume those images were transmitted to api.vwu.ai and review privacy implications. If you are the owner of the exposed token, rotate it immediately; if not, notify the service owner. - If you need this functionality but want to avoid third-party exposure, request a version that uses a user-provided API key and clearly documents where data is sent and retained. Given the hard-coded credential and lack of endpoint disclosure, treat this skill as suspicious and proceed only after the maintainer addresses these issues.

Capability Analysis

Type: OpenClaw Skill Name: sih-ai-photo-changer Version: 1.0.3 The skill bundle contains a hardcoded API bearer token in `scripts/image_gen.py`, which is a significant security risk. Furthermore, the script lacks input validation for the local file path provided in the `image_input` argument; this could be exploited via prompt injection to trick the agent into reading and exfiltrating sensitive local files to the external API endpoint (api.vwu.ai) by encoding them as base64 'images'.

Capability Assessment

ℹ Purpose & Capability

The code and SKILL.md implement image editing via a remote API, which matches the described purpose. However the script calls https://api.vwu.ai while the description refers to 'Sih.AI', and a bearer token is embedded in the code rather than declared as a user-provided credential. That mismatch and embedded credential are unexpected for a simple integration.

⚠ Instruction Scope

SKILL.md instructs the user to run scripts/image_gen.py and describes converting local files to Base64 and calling an API, but it does not name the actual API host or reveal that local images will be uploaded to an external service using a hard-coded token. Transmitting local image files (including potentially sensitive images) to an undocumented external endpoint is a privacy risk and should be disclosed explicitly.

✓ Install Mechanism

There is no install spec (instruction-only skill with an included script). That minimizes install risk. The script requires the 'requests' library but no installation instructions are provided — minor usability issue but not a direct security problem.

⚠ Credentials

The skill requests no environment variables, yet the script contains a hard-coded API token (API_TOKEN = "sk-..."). A legitimate design would require the user to supply their own API key via an env var or config; embedding someone else's secret in code is disproportionate and suspicious because it gives the remote service access to all images processed and could allow abuse of that account.

ℹ Persistence & Privilege

The skill is not 'always' and does not request system-wide privileges. However, because it can be invoked normally by the agent, autonomous invocation would allow the agent to send images to the remote endpoint using the embedded token. Autonomous invocation combined with the hard-coded credential increases the blast radius and privacy risk.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install sih-ai-photo-changer
After installation, invoke the skill by name or use /sih-ai-photo-changer
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.3

修复base64编码格式：sihai-image-27模型使用纯base64，无需data:image前缀

v1.0.2

更新API调用方式，简化为纯Python脚本实现，支持图片URL和本地文件输入

Metadata

Slug sih-ai-photo-changer

Version 1.0.3

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 2

Frequently Asked Questions

What is Sih.AI Photo Changer?

AI图片生成与编辑工具，使用Sih.AI API进行自然语言驱动的图片处理。支持换装、换背景、换脸、风格转换（动漫/粘土/油画等）、美颜修图等功能。当用户需要通过自然语言描述来编辑图片（如"把衣服换成bikini"、"背景换成海边"、"转换成动漫风格"）时使用此skill。 It is an AI Agent Skill for Claude Code / OpenClaw, with 281 downloads so far.

How do I install Sih.AI Photo Changer?

Run "/install sih-ai-photo-changer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Sih.AI Photo Changer free?

Yes, Sih.AI Photo Changer is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Sih.AI Photo Changer support?

Sih.AI Photo Changer is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Sih.AI Photo Changer?

It is built and maintained by a3273283 (@a3273283); the current version is v1.0.3.

More Skills