Total downloads: 39
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install codex-image-server
Description
Use when a user wants to turn local Codex image_generation capability into a local HTTP image server for apps such as Photoshop plugins, design tools, or int...
Usage (SKILL.md)
Codex Image Server
Use this skill to help a user expose local Codex image generation as a local HTTP API that another app can call.
Workflow
- Inspect the target Codex installation or source repo.
- Prefer a wrapper service around `codex exec` when the installed Codex package should stay untouched.
- Add a local HTTP server with these routes:
  - `GET /healthz`
  - `GET /v1/capabilities`
  - `POST /v1/images/generate`
  - `GET /v1/images/:id/file`
- Keep authentication optional by default for loopback use. Do not require an API key unless the target app explicitly needs one.
- Pass references as original image files through Codex image inputs. Avoid sampling or screenshot downscaling.
- Support up to 4 images per request. Run workers concurrently, and make each candidate distinct.
- Wire cancellation through `AbortSignal`. If the HTTP client disconnects or cancels, terminate the full `codex exec` process group.
- Validate gpt-image-2 custom sizes:
  - longest edge <= 3840
  - total pixels between 655360 and 8294400
  - width and height multiples of 16
  - aspect ratio <= 3:1
- Store generated files in a stable output directory and return both metadata and file URLs.
- Run the verification checklist before reporting completion.
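One way to enforce the gpt-image-2 custom-size rules from the workflow before a request reaches a worker. This is an added example, not code from the skill's template; `validateCustomSize`, `LIMITS`, `SIZE_RE` and the `<width>x<height>` string format (taken from the `"size":"1024x1024"` request shown under Verification) are assumptions.

```javascript
// Added example; the limits are the four rules listed in the workflow above.
const LIMITS = {
  maxEdge: 3840,
  minPixels: 655360,
  maxPixels: 8294400,
  multiple: 16,
  maxAspect: 3, // 3:1
};

// Accept only "<width>x<height>" in plain decimal digits, so signs, spaces,
// decimals, exponents and trailing text never reach the worker process.
const SIZE_RE = /^([1-9][0-9]{0,4})x([1-9][0-9]{0,4})$/;

// Hypothetical helper: returns { ok, width, height, errors } for a size string.
function validateCustomSize(size) {
  const match = typeof size === "string" ? SIZE_RE.exec(size) : null;
  if (!match) {
    return { ok: false, errors: ["size must be <width>x<height> in decimal digits"] };
  }
  const width = Number(match[1]);
  const height = Number(match[2]);
  const longEdge = Math.max(width, height);
  const shortEdge = Math.min(width, height);
  const pixels = width * height;
  const errors = [];

  if (longEdge > LIMITS.maxEdge) {
    errors.push(`longest edge ${longEdge} > ${LIMITS.maxEdge}`);
  }
  // Bounds treated as inclusive (assumption; the page only says "between").
  if (pixels < LIMITS.minPixels || pixels > LIMITS.maxPixels) {
    errors.push(`total pixels ${pixels} outside ${LIMITS.minPixels}..${LIMITS.maxPixels}`);
  }
  if (width % LIMITS.multiple !== 0 || height % LIMITS.multiple !== 0) {
    errors.push(`width and height must be multiples of ${LIMITS.multiple}`);
  }
  // Integer comparison avoids floating-point error at exactly 3:1.
  if (longEdge > LIMITS.maxAspect * shortEdge) {
    errors.push("aspect ratio exceeds 3:1");
  }
  return { ok: errors.length === 0, width, height, errors };
}
```

Collecting every violated rule, rather than stopping at the first, lets the HTTP layer return one 400 response that names all the problems with a rejected size.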
References
- Read `references/http-contract.md` before implementing the API surface.
- Use `templates/codex-image-server.js` as a concrete Node server template when the target repo has no implementation.
- Use `scripts/smoke-test.mjs` to check health, capabilities, and cancellation after the server starts.
Verification
Run these checks against the local server:
node scripts/smoke-test.mjs http://127.0.0.1:17341
Then test the consuming app:
curl -sS http://127.0.0.1:17341/v1/capabilities
curl -sS -m 3 http://127.0.0.1:17341/v1/images/generate \
-H 'Content-Type: application/json' \
-d '{"prompt":"cancel test","count":4,"size":"1024x1024","quality":"low"}' || true
ps aux | rg -i 'codex exec|codex-image-server'
The process check should not show leftover codex exec workers after cancellation.
Security recommendations
Review before installing. If you use it, explicitly set the backend you want, avoid exposing the server beyond 127.0.0.1, consider enabling an API token and restricted CORS, and make sure you understand whether your OpenAI API key, prompts, and reference images will be used by the template.
Functional analysis
Type: OpenClaw Skill
Name: codex-image-server
Version: 0.1.0
The skill bundle contains a significant path traversal vulnerability in the `templates/codex-image-server.js` file, specifically within the `/v1/images/:id/file` route. The `id` parameter is extracted from the URL and used in a `path.join` operation without sanitization, potentially allowing an attacker to read arbitrary files from the host system. Additionally, the server template executes local system commands via `child_process.spawn` to interact with the `codex` CLI and manages sensitive credentials like `OPENAI_API_KEY`. While these high-privilege capabilities are aligned with the skill's stated purpose of wrapping a local image generation tool, the lack of input validation on file paths constitutes a meaningful security risk.
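The pattern the analysis describes, next to a hardened form of the `/v1/images/:id/file` lookup. This is an added example, not the template's own code; `OUTPUT_DIR`, the id format, the function names and the sample inputs are assumptions constructed for illustration.

```javascript
const path = require("node:path");

// Assumed layout: generated files sit directly in OUTPUT_DIR, named by id.
const OUTPUT_DIR = path.resolve("/srv/codex-images/output"); // hypothetical path

// The pattern described in the analysis: the raw :id goes straight into path.join,
// so any ".." segment in it is resolved against the output directory.
function unsafeResolve(id) {
  return path.join(OUTPUT_DIR, id);
}

// Assumed id format: short, with no dots, slashes or backslashes.
const ID_PATTERN = /^[A-Za-z0-9_-]{1,64}$/;

// Hardened lookup: decode once, allowlist the id, then confirm containment.
// Returns an absolute path inside OUTPUT_DIR, or null (answer with 404).
function safeResolve(rawId) {
  let id;
  try {
    id = decodeURIComponent(rawId);
  } catch {
    return null; // malformed percent-encoding
  }
  if (!ID_PATTERN.test(id)) return null;

  // Defence in depth: even if the pattern is loosened later, the resolved
  // path must still be a descendant of OUTPUT_DIR.
  const resolved = path.resolve(OUTPUT_DIR, id);
  const rel = path.relative(OUTPUT_DIR, resolved);
  if (rel === "" || rel.startsWith("..") || path.isAbsolute(rel)) return null;
  return resolved;
}
```

The containment check is lexical; if the output directory can contain symlinks, compare `fs.realpath` results as well before opening the file.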
Capability assessment
Purpose & Capability
The stated purpose is a local Codex image-generation HTTP server, but the template also auto-selects an OpenAI backend when an OpenAI API key is present, which is not disclosed in the metadata or main workflow.
Instruction Scope
The workflow intentionally exposes local image generation over HTTP and runs concurrent workers; this is purpose-aligned, but users should understand that HTTP callers can trigger generation work.
Install Mechanism
There is no install spec, and the included commands are user-directed verification steps. However, the registry requirements do not declare Node/Codex or the optional OpenAI environment variables used by the template.
Credentials
The template reads OPENAI_API_KEY/CODEX_IMAGE_SERVER_OPENAI_API_KEY and switches backend behavior based on those variables despite the registry declaring no credentials or required environment variables.
Persistence & Privilege
Generated image files are stored in a stable output directory and codex exec process groups are spawned/terminated; this is disclosed and aligned with the server purpose, but it creates persistent local outputs and local worker processes.
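How to use
- Make sure OpenClaw is installed (locally or via Docker).
- Enter the install command in the chat box: `/install codex-image-server`
- Once installation completes, invoke the Skill by name or trigger it with `/codex-image-server`.
- Provide the required inputs according to the Skill's parameter description to get structured output.
Version history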
v0.1.0
Initial Codex image server extraction from Lightyear Banana.
FAQ
What is Codex Image Server?
Use when a user wants to turn local Codex image_generation capability into a local HTTP image server for apps such as Photoshop plugins, design tools, or int... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 39 total downloads so far.
How do I install Codex Image Server?
Run the command "/install codex-image-server" in the OpenClaw or Claude Code chat box for one-step installation; no additional configuration is required.
Is Codex Image Server free?
Yes, Codex Image Server is completely free. It uses the MIT-0 license and can be freely downloaded, installed, and used.
Which platforms does Codex Image Server support?
Codex Image Server is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Codex Image Server?
Developed and maintained by CatREFuse (@catrefuse); the current version is v0.1.0.