← Back to Skills Marketplace

Clawra Selfie

Name: Clawra Selfie
Author: wangzhi8145

by wangzhi8145 · GitHub ↗ · v0.1.0

cross-platform ⚠ suspicious

352

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install skill-10

Description

Edit Clawra's reference image with Grok Imagine (xAI Aurora) and send selfies to messaging channels via OpenClaw

Usage Guidance

Before installing: (1) note the SKILL.md requires FAL_KEY and OPENCLAW_GATEWAY_TOKEN but the registry metadata does not list them — ask the publisher to update metadata to declare required secrets. (2) Understand what those secrets allow: FAL_KEY allows billed calls to fal.ai image-editing APIs; OPENCLAW_GATEWAY_TOKEN authorizes the OpenClaw gateway to send messages to channels (so treat it like a messaging credential). Only provide a minimal-scoped token and avoid sharing it. (3) Confirm the OpenClaw gateway the skill will hit is local/trusted (the docs reference http://localhost:18789); if your gateway is reachable remotely, the risk increases. (4) Consider policy/privacy issues: the skill generates realistic selfies (faces), which may have platform or legal restrictions. (5) Because this is an instruction-only skill with no provenance (source/homepage unknown), prefer running it in an isolated/testing environment first and request the publisher to: declare required env vars in registry metadata, provide a trusted source/homepage, and document token scopes. If you cannot verify those items, proceed cautiously or avoid installing.

Capability Analysis

Type: OpenClaw Skill Name: skill-10 Version: 0.1.0 The skill facilitates AI image editing and distribution but contains a shell injection vulnerability in its TypeScript implementation within SKILL.md. Specifically, the use of `child_process.exec` with unsanitized variables (`channel`, `messageCaption`) allows for arbitrary command execution if a user provides crafted input. While the behavior aligns with the stated purpose of using the fal.ai API (fal.run) and OpenClaw CLI, the lack of input sanitization in a high-privilege environment (requiring Bash and network access) poses a significant security risk.

Capability Assessment

ℹ Purpose & Capability

The SKILL.md describes editing a fixed reference image via Fal.ai (Grok Imagine) and sending the result through OpenClaw — these requirements are coherent with the skill's description. However, the registry metadata lists no required environment variables or primary credential while the SKILL.md explicitly requires FAL_KEY and OPENCLAW_GATEWAY_TOKEN. That metadata mismatch is unexpected and reduces transparency.

✓ Instruction Scope

The instructions are narrowly scoped: they (1) take a user prompt, (2) call fal.run/xai/grok-imagine-image/edit with a fixed public reference image, and (3) send the returned image URL to channels via the OpenClaw CLI or local gateway. The skill does not instruct reading unrelated files or system secrets. Note: the prompts focus on realistic selfies (face fully visible), which may have privacy/biometric policy implications depending on your environment.

✓ Install Mechanism

This is an instruction-only skill with no install spec and no bundled code. No downloads or package installs are specified, so nothing is written to disk by the skill itself.

⚠ Credentials

The SKILL.md requires two environment values: FAL_KEY (Fal.ai API key) and OPENCLAW_GATEWAY_TOKEN (OpenClaw gateway token). Both are plausible for the described workflow, but the registry metadata did not declare these requirements. The gateway token in particular can authorize sending messages to arbitrary channels via the local OpenClaw API; if leaked or too-permissive, it could be abused. Also supplying FAL_KEY enables billable API calls. The absence of declared env vars in metadata is an incoherence that should be resolved before trusting the skill.

✓ Persistence & Privilege

The skill is not always: true and does not request persistent/privileged presence. It does instruct interacting with a local OpenClaw gateway but does not indicate modifying other skills or system-wide settings.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install skill-10
After installation, invoke the skill by name or use /skill-10
Provide required inputs per the skill's parameter spec and get structured output

Version History

v0.1.0

Clawra Selfie skill initial release. - Enables editing of Clawra's reference image using Grok Imagine (xAI Aurora) based on user-specified context. - Automatically detects selfie mode ("mirror" or "direct") from user input. - Sends generated selfies to various messaging channels (WhatsApp, Telegram, Discord, Slack, etc.) via OpenClaw. - Provides Bash and Node.js/TypeScript example scripts for integration and automation. - Requires FAL API key and OpenClaw Gateway token to function.

Metadata

Slug skill-10

Version 0.1.0

License —

All-time Installs 1

Active Installs 1

Total Versions 1

Frequently Asked Questions

What is Clawra Selfie?

Edit Clawra's reference image with Grok Imagine (xAI Aurora) and send selfies to messaging channels via OpenClaw. It is an AI Agent Skill for Claude Code / OpenClaw, with 352 downloads so far.

How do I install Clawra Selfie?

Run "/install skill-10" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Clawra Selfie free?

Yes, Clawra Selfie is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Clawra Selfie support?

Clawra Selfie is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Clawra Selfie?

It is built and maintained by wangzhi8145 (@wangzhi8145); the current version is v0.1.0.

More Skills