← 返回 Skills 市场
darkamenosa

Codex Imagen

作者 darkamenosa · GitHub ↗ · v0.2.6 · MIT-0
cross-platform ⚠ suspicious
100
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install codex-imagen
功能描述
Generate or edit raster images by calling the ChatGPT/Codex Responses image_generation tool directly with local Codex or OpenClaw OAuth credentials, then sav...
使用说明 (SKILL.md)

Codex Imagen

Generate or edit images by calling the ChatGPT/Codex backend directly with OAuth credentials already stored on the machine. This calls the native Responses image_generation tool, does not start codex app-server, does not need the Codex CLI binary, and does not require OPENAI_API_KEY.

Quick Start

Run the helper through Node for macOS, Linux, and Windows compatibility:

node {baseDir}/scripts/codex-imagen.mjs --timeout 300 'generate image follow this prompt, no refine: "a cinematic fantasy city at sunrise"'

Normal generation prints one generated image path per line. Diagnostics and progress go to stderr.

Use --json when the caller needs machine-readable metadata:

node {baseDir}/scripts/codex-imagen.mjs --json --timeout 300 --prompt 'generate a small blue lotus icon'

Ask for multiple outputs in the prompt. There is no --count flag:

node {baseDir}/scripts/codex-imagen.mjs --timeout 300 -o out/ --prompt 'generate 3 images of a monk mage'

Use --verbose or --debug for event-level progress, and --quiet when only stdout paths/JSON should be emitted.

Retry Behavior

The helper retries transient empty failures by default: network errors, HTTP 5xx responses, backend server_error / overloaded / unavailable responses, and dropped/incomplete streams that end before a completed image arrives. Default is --retries 4, meaning 5 total attempts, matching Codex's request retry shape.

Retries are intentionally not used for usage errors, auth errors, policy/input errors, rate limits, generation timeouts, or after an image has already been saved. If streaming saves partial images and then times out, the helper returns those saved paths instead of starting a duplicate generation. The --timeout value applies per generation attempt, so an outer OpenClaw exec.timeout must budget for retries when retries are enabled.

Use --no-retry or --retries 0 when an outer caller owns retry behavior.

Timeout Units

Use --timeout \x3Cseconds> for agent-facing calls. This intentionally matches OpenClaw's surrounding exec tool timeout value, which is also in seconds. For a 5 minute OpenClaw call, use --timeout 300.

--timeout-ms \x3Cmilliseconds> remains available for compatibility and sub-second tests. Do not use --timeout-ms 300 when you mean 5 minutes; that is only 0.3 seconds. Use either --timeout, --timeout-seconds, or --timeout-ms, not more than one in the same command.

Generation Timing

Image generation can be slow, especially when the prompt asks for multiple images. For chat-facing OpenZalo/OpenClaw calls:

  • Use --timeout 300 for ordinary one-image requests.
  • For prompts that ask for 3 images, prefer --timeout 600, or ask for 2 images when the conversation should return quickly.
  • If a 3-image request reaches the timeout after saving 1 or 2 images, the helper returns those saved paths with timed_out: true; this is a usable partial success, not a hang.
  • The --timeout value applies per generation attempt. If default retries are enabled, set the outer OpenClaw exec.timeout higher than the helper timeout budget, or reduce retries with --retries 1 / --no-retry.

Auth Discovery

The CLI reads existing OAuth JSON and sends Authorization: Bearer \x3Caccess> plus ChatGPT-Account-Id to https://chatgpt.com/backend-api/codex/responses.

Run a local auth check without generating:

node {baseDir}/scripts/codex-imagen.mjs --smoke

Auth lookup order:

  1. --auth
  2. CODEX_IMAGEN_AUTH_JSON, OPENCLAW_CODEX_AUTH_JSON, CODEX_AUTH_JSON
  3. OPENCLAW_AGENT_DIR/auth-profiles.json or PI_CODING_AGENT_DIR/auth-profiles.json
  4. OPENCLAW_AGENT_DIR/auth.json or PI_CODING_AGENT_DIR/auth.json
  5. ~/.openclaw/agents/main/agent/auth-profiles.json
  6. ~/.openclaw/agents/main/agent/auth.json
  7. ~/.openclaw/credentials/oauth.json
  8. CODEX_HOME/auth.json
  9. ~/.codex/auth.json

For OpenClaw, the current auth store is usually:

~/.openclaw/agents/main/agent/auth-profiles.json

Codex CLI is not required at runtime. The skill works with OAuth created by OpenClaw itself, for example openclaw onboard --auth-choice openai-codex or openclaw models auth login --provider openai-codex. It only needs an existing openai-codex OAuth profile; it does not perform the first browser login itself.

Profile selection follows OpenClaw first: explicit --auth-profile, CODEX_IMAGEN_AUTH_PROFILE / OPENCLAW_AUTH_PROFILE, OpenClaw config auth.order.openai-codex or configured auth.profiles, then sibling auth-state.json lastGood.openai-codex. Pass --auth-profile openai-codex:\x3Cid> when a specific OpenClaw profile should be used.

Output Paths

Use --out-dir or -o/--output when the caller needs a specific artifact location:

node {baseDir}/scripts/codex-imagen.mjs --out-dir ./openclaw-images --prompt 'generate three UI icon variants'
node {baseDir}/scripts/codex-imagen.mjs -o out/ --prompt 'generate 3 images of a monk mage'

--output image.png writes exactly that path for one image. If multiple images arrive, outputs are numbered as image-1.png, image-2.png, and so on. If --output has no extension or ends in /, it is treated as a directory. Without --output, automatic names use codex-imagen-\x3Ctimestamp>-\x3Coptional-index>-\x3Cimage-call-id>.png.

When --out-dir is not set, the script chooses the first available location:

  1. CODEX_IMAGEN_OUT_DIR
  2. OPENCLAW_OUTPUT_DIR
  3. OPENCLAW_AGENT_DIR/artifacts/codex-imagen
  4. OPENCLAW_STATE_DIR/artifacts/codex-imagen
  5. ./codex-imagen-output

Streaming is enabled by default and saves each image as soon as it arrives. If a run times out after partial results, already received images remain saved and are printed. Use --timeout 300 for chat-facing OpenClaw calls unless the user explicitly asks for a longer run, or --no-stream to request a non-streaming response.

Reference Images

Attach reference images explicitly. Do not use positional image paths; positional arguments are reserved for prompt text.

node {baseDir}/scripts/codex-imagen.mjs --input-ref ref1.png --input-ref ref2.jpg --prompt 'generate 3 images of him livestreaming in this world'
node {baseDir}/scripts/codex-imagen.mjs -i ref1.png -i ref2.jpg --prompt 'change the main character into a woman'
node {baseDir}/scripts/codex-imagen.mjs --image-url 'https://example.com/ref.png' --prompt 'use this image as the world reference'

Local images are converted to data:image/...;base64,... and sent as input_image items. --input-ref accepts local paths, http(s) URLs, and data:image/... URLs. -i/--image is local-only, and --image-url is URL/data-URL only. Supported local formats are PNG, JPEG, GIF, and WebP. Use --image-detail auto|low|high|original when the model should receive lower or higher image detail; default is high. Use smaller JPEG references when high-fidelity pixel detail is not needed.

OAuth Refresh

The CLI refreshes expired or near-expiry OAuth tokens through https://auth.openai.com/oauth/token and writes the updated token back to the same auth file. The default OAuth refresh skew is 5 minutes, matching OpenClaw's OAuth usability margin. For OpenClaw auth-profiles.json, refresh uses OpenClaw-compatible cross-agent OAuth refresh locking, then locks the auth store before rereading and writing credentials. It also inherits a fresh matching profile from the main OpenClaw agent store when the current agent/workspace auth store is stale. This avoids refresh_token_reused races when multiple OpenClaw or agent processes share one openai-codex profile.

When auth is auto-discovered and the first auth file is irrecoverably stale, the CLI tries the next compatible auth source, such as CODEX_HOME/auth.json or ~/.codex/auth.json. Explicit --auth paths are not bypassed.

Use these controls when needed:

node {baseDir}/scripts/codex-imagen.mjs --refresh-only --json
node {baseDir}/scripts/codex-imagen.mjs --force-refresh --smoke --json
node {baseDir}/scripts/codex-imagen.mjs --no-refresh --prompt 'generate one image'

For concurrent OpenClaw processes, prefer the active OpenClaw agent's auth-profiles.json so every caller uses the same profile identity. Use --no-refresh only when the caller already owns OAuth refresh and wants this helper to use the provided access token as-is.

Use --base-url only for a compatible Codex backend, and --refresh-url only for a compatible OAuth refresh endpoint.

Cross-Platform Notes

The helper is plain Node.js 22+ with no native dependencies. It uses os.homedir() and environment overrides for Windows, Linux, and macOS. In cmd.exe, single quotes are not shell quotes; use double quotes or write UTF-8 text to a file and use:

node {baseDir}/scripts/codex-imagen.mjs --prompt-file prompt.txt

Use --cwd \x3Cpath> when another agent launches this script from an unpredictable working directory.

安全使用建议
This helper legitimately needs access to local Codex/OpenClaw OAuth profiles to call the Responses image_generation endpoint and to refresh tokens. Before installing: 1) Review the scripts (they are included) yourself or a trusted reviewer to confirm they only call the expected endpoints; 2) Only run it with a dedicated OAuth profile (not your primary account) if possible; 3) Be cautious because the CLI will read and write auth files (it can refresh tokens) — back up important auth files first; 4) Avoid passing or allowing untrusted agents to set --base-url or --refresh-url (these default to chatgpt.com and auth.openai.com but can be overridden), as that could redirect tokens to arbitrary endpoints; 5) Prefer running the tool in an isolated environment or container if you don't fully trust the skill owner; 6) Verify the skill's provenance (repository/homepage/owner) — registry metadata shows no homepage/source URL, so confirm the upstream source before trusting. If you want, I can point out the exact code paths that read/write auth files and where the refresh and network calls occur.
功能分析
Type: OpenClaw Skill Name: codex-imagen Version: 0.2.6 The codex-imagen skill is a well-engineered utility designed to generate or edit images using the ChatGPT/Codex backend via existing local OAuth credentials. The core logic in scripts/codex-imagen.mjs implements robust authentication discovery across multiple standard paths (e.g., ~/.openclaw, ~/.codex), handles OAuth token refreshing with cross-process file locking, and manages image generation through legitimate OpenAI endpoints (chatgpt.com and auth.openai.com). The script follows security best practices by using atomic writes and restricted file permissions (0o600) for sensitive credential files, and it contains no evidence of data exfiltration, malicious execution, or prompt injection.
能力标签
cryptorequires-oauth-tokenrequires-sensitive-credentials
能力评估
Purpose & Capability
The name/description (image generation via Codex/ChatGPT Responses using local OAuth) matches the code and SKILL.md: the CLI reads local OAuth profiles and calls the Codex Responses image_generation endpoint. Requiring node and having helper scripts is proportionate.
Instruction Scope
The runtime instructions and CLI intentionally enumerate many local auth file locations (OpenClaw/Codex paths), read those files, perform OAuth refreshes, and save generated images to disk. All of these actions are within scope for a tool that uses local OAuth to call the Responses backend, but the instructions/CLI also allow reading/writing multiple agent-wide auth stores (e.g., ~/.openclaw/agents/.../auth-profiles.json), which is broad and sensitive.
Install Mechanism
There is no network install; the package is instruction + included Node scripts. No arbitrary remote downloads or extract operations are present in the manifest. This is lower-risk from an install perspective.
Credentials
Although no required env vars are declared, the CLI reads many env vars/path candidates and will read and write local OAuth credentials across many locations and can perform token refreshes. It also accepts overridable --base-url and --refresh-url flags (and env overrides), which could be used to send tokens to arbitrary endpoints if an attacker can control arguments or environment. Access/modification of user OAuth tokens is high privilege and should be justified and limited.
Persistence & Privilege
always:false (good). The tool will modify auth stores (refresh tokens written back) and uses cross-process locking when touching OpenClaw auth files. Writing/updating OAuth credentials is normal for a refresh-capable helper, but it is a significant privilege; ensure you trust the skill and its author before allowing it to run with access to shared auth stores.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install codex-imagen
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /codex-imagen 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.2.6
codex-imagen 0.2.6 - Added GitHub Actions CI workflow for automated testing. - Introduced a standalone test script: `scripts/codex-imagen.test.mjs`. - Added a `.gitignore` to exclude node_modules, key artifacts, and environment files. - Expanded and clarified documentation, including retry, timeout, and streaming behavior, and new flags (`--timeout`, `--retries`, `--verbose`, `--quiet`, etc.). - Improved auth discovery and refresh instructions, now including more paths and details for OpenClaw integration.
v0.2.2
- Directly generates or edits raster images via ChatGPT/Codex backend using local Codex or OpenClaw OAuth credentials. - No longer requires Codex CLI, codex app-server, or OPENAI_API_KEY. - Flexible OAuth authentication discovery, supporting multiple common credential locations and OpenClaw profiles. - Supports output control with `--out-dir` and environment variables for image artifact paths. - Allows attaching multiple reference images using `--input-ref` with support for local files, URLs, and base64 data URLs; handles PNG, JPEG, GIF, and WebP. - Includes OAuth token refresh logic compatible with OpenClaw's locking for safe multi-process access. - Fully cross-platform and can be run as a plain Node.js 22+ script on Windows, macOS, and Linux.
元数据
Slug codex-imagen
版本 0.2.6
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 2
常见问题

Codex Imagen 是什么?

Generate or edit raster images by calling the ChatGPT/Codex Responses image_generation tool directly with local Codex or OpenClaw OAuth credentials, then sav... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 100 次。

如何安装 Codex Imagen?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install codex-imagen」即可一键安装,无需额外配置。

Codex Imagen 是免费的吗?

是的,Codex Imagen 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Codex Imagen 支持哪些平台?

Codex Imagen 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Codex Imagen?

由 darkamenosa(@darkamenosa)开发并维护,当前版本 v0.2.6。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论