← Back to Skills Marketplace
39
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install codex-image-server
Description
Use when a user wants to turn local Codex image_generation capability into a local HTTP image server for apps such as Photoshop plugins, design tools, or int...
README (SKILL.md)
Codex Image Server
Use this skill to help a user expose local Codex image generation as a local HTTP API that another app can call.
Workflow
- Inspect the target Codex installation or source repo.
- Prefer a wrapper service around
codex execwhen the installed Codex package should stay untouched. - Add a local HTTP server with these routes:
GET /healthzGET /v1/capabilitiesPOST /v1/images/generateGET /v1/images/:id/file
- Keep authentication optional by default for loopback use. Do not require an API key unless the target app explicitly needs one.
- Pass references as original image files through Codex image inputs. Avoid sampling or screenshot downscaling.
- Support up to 4 images per request. Run workers concurrently, and make each candidate distinct.
- Wire cancellation through
AbortSignal. If the HTTP client disconnects or cancels, terminate the fullcodex execprocess group. - Validate gpt-image-2 custom sizes:
- longest edge \x3C= 3840
- total pixels between 655360 and 8294400
- width and height multiples of 16
- aspect ratio \x3C= 3:1
- Store generated files in a stable output directory and return both metadata and file URLs.
- Run the verification checklist before reporting completion.
References
- Read
references/http-contract.mdbefore implementing the API surface. - Use
templates/codex-image-server.jsas a concrete Node server template when the target repo has no implementation. - Use
scripts/smoke-test.mjsto check health, capabilities, and cancellation after the server starts.
Verification
Run these checks against the local server:
node scripts/smoke-test.mjs http://127.0.0.1:17341
Then test the consuming app:
curl -sS http://127.0.0.1:17341/v1/capabilities
curl -sS -m 3 http://127.0.0.1:17341/v1/images/generate \
-H 'Content-Type: application/json' \
-d '{"prompt":"cancel test","count":4,"size":"1024x1024","quality":"low"}' || true
ps aux | rg -i 'codex exec|codex-image-server'
The process check should not show leftover codex exec workers after cancellation.
Usage Guidance
Review before installing. If you use it, explicitly set the backend you want, avoid exposing the server beyond 127.0.0.1, consider enabling an API token and restricted CORS, and make sure you understand whether your OpenAI API key, prompts, and reference images will be used by the template.
Capability Analysis
Type: OpenClaw Skill
Name: codex-image-server
Version: 0.1.0
The skill bundle contains a significant path traversal vulnerability in the `templates/codex-image-server.js` file, specifically within the `/v1/images/:id/file` route. The `id` parameter is extracted from the URL and used in a `path.join` operation without sanitization, potentially allowing an attacker to read arbitrary files from the host system. Additionally, the server template executes local system commands via `child_process.spawn` to interact with the `codex` CLI and manages sensitive credentials like `OPENAI_API_KEY`. While these high-privilege capabilities are aligned with the skill's stated purpose of wrapping a local image generation tool, the lack of input validation on file paths constitutes a meaningful security risk.
Capability Tags
Capability Assessment
Purpose & Capability
The stated purpose is a local Codex image-generation HTTP server, but the template also auto-selects an OpenAI backend when an OpenAI API key is present, which is not disclosed in the metadata or main workflow.
Instruction Scope
The workflow intentionally exposes local image generation over HTTP and runs concurrent workers; this is purpose-aligned, but users should understand that HTTP callers can trigger generation work.
Install Mechanism
There is no install spec, and the included commands are user-directed verification steps. However, the registry requirements do not declare Node/Codex or the optional OpenAI environment variables used by the template.
Credentials
The template reads OPENAI_API_KEY/CODEX_IMAGE_SERVER_OPENAI_API_KEY and switches backend behavior based on those variables despite the registry declaring no credentials or required environment variables.
Persistence & Privilege
Generated image files are stored in a stable output directory and codex exec process groups are spawned/terminated; this is disclosed and aligned with the server purpose, but it creates persistent local outputs and local worker processes.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install codex-image-server - After installation, invoke the skill by name or use
/codex-image-server - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial Codex image server extraction from Lightyear Banana.
Metadata
Frequently Asked Questions
What is Codex Image Server?
Use when a user wants to turn local Codex image_generation capability into a local HTTP image server for apps such as Photoshop plugins, design tools, or int... It is an AI Agent Skill for Claude Code / OpenClaw, with 39 downloads so far.
How do I install Codex Image Server?
Run "/install codex-image-server" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Codex Image Server free?
Yes, Codex Image Server is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Codex Image Server support?
Codex Image Server is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Codex Image Server?
It is built and maintained by CatREFuse (@catrefuse); the current version is v0.1.0.
More Skills