功能描述

Generate images using Coze AI platform. Supports text-to-image generation with automatic Base64 encoding for inline preview. Use when you need to create imag...

使用说明 (SKILL.md)

Coze Image Generation Skill

Name: Coze Image Skill
Author: pgyppp

Generate images from text prompts using the Coze AI platform. This skill handles the complete workflow: submitting prompts, parsing SSE responses, downloading images, and returning Base64-encoded data URIs for inline display.

Usage

Basic Usage

from coze_image_skill import run

result = run({
    "text": "一只可爱的小猫，毛茸茸的，大眼睛，坐在窗台上",
    "api_token": "your_coze_api_token"
})

# Result contains:
# - image: data:image/jpeg;base64,... (inline Base64)
# - mime_type: image/jpeg
# - filename: generated-image.jpeg
# - source_url: original image URL

With Custom Configuration

result = run({
    "prompt": "a cute orange cat playing on grass, sunny day",
    "api_token": "your_token",
    "project_id": "your_project_id",
    "session_id": "your_session_id",
    "timeout": 90,
    "include_debug": True
})

Environment Variables

Set these in your OpenClaw configuration or .env file:

Variable	Description	Default
`IMAGE_API_TOKEN`	Coze API authentication token	Required
`IMAGE_API_URL`	Coze stream_run endpoint	`https://6fj9k4p9x3.coze.site/stream_run`
`IMAGE_API_PROJECT_ID`	Coze project ID	`7621854258107039796`
`IMAGE_API_SESSION_ID`	Coze session ID	`mT8SQeCGgTMZNBsJEiRuN`
`IMAGE_API_TIMEOUT`	Request timeout in seconds	`60`

Parameters

Parameter	Type	Description
`text` or `prompt`	string	Image generation prompt (required)
`api_token`	string	Coze API token (or use env var)
`project_id`	string	Coze project ID (or use env var)
`session_id`	string	Coze session ID (or use env var)
`timeout`	int	Request timeout in seconds
`include_debug`	bool	Include debug info in response
`strict`	bool	Raise exceptions instead of returning error object

Response Format

Success

{
  "image": "data:image/jpeg;base64,/9j/4AAQSkZJRg...",
  "mime_type": "image/jpeg",
  "filename": "generated-image.jpeg",
  "source_url": "https://..."
}

Error

{
  "error": "Error message describing what went wrong",
  "image": null,
  "mime_type": null,
  "filename": null,
  "source_url": null
}

Features

SSE Streaming: Handles Coze's Server-Sent Events response format
Auto Download: Automatically downloads generated images and converts to Base64
Error Handling: Graceful error handling with structured error responses
Flexible Auth: Supports both inline token and environment variables
Debug Mode: Optional debug output for troubleshooting

Setup on ClawHub

Install the skill via ClawHub:
```
openclaw skills install coze-image
```

Configure your API token:

openclaw config set IMAGE_API_TOKEN your_token_here

Generate your first image:

Generate a picture of a sunset over the ocean

Troubleshooting

"Image URL not found in SSE response"

This means the Coze project returned text instead of an image. Make sure:

Your Coze bot has an image generation plugin enabled
The workflow is configured to return images
The prompt is appropriate for image generation

Authentication Errors

Verify your API token is valid and not expired
Check that the token has permission to access the project
Ensure environment variables are set correctly

Timeout Errors

Increase the timeout parameter (default 60s)
Check your network connection
The image generation may be taking longer than expected

License

MIT License - See license file for details.

Support

For issues or questions, please open an issue on the ClawHub repository.

安全使用建议

This skill's code implements Coze text-to-image generation but contains a few red flags you should address before installing or using it with real credentials: - Do not rely on the default IMAGE_API_URL/project/session values. The default domain (https://6fj9k4p9x3.coze.site) and IDs are baked into the skill; if you don't override them requests will go to that third-party host. Confirm the endpoint is legitimate or set your own. - Provide only a Coze API token dedicated to this use (avoid using tokens that grant broader access). The skill requires IMAGE_API_TOKEN; do not paste high-privilege or long-lived secrets unless you trust the endpoint. - The skill will download whatever URL it finds in the SSE response. This can lead to fetching attacker-controlled or internal-network URLs (SSRF/metadata access). Avoid running the skill in an environment where such fetches could reach sensitive internal services, or harden network egress rules. - The repository metadata is inconsistent (registry says no env vars required; SKILL.md/code require them) and package.json mixes Node metadata with a Python dependency. Treat this as sloppy packaging — consider reviewing and testing the Python script directly rather than trusting the package metadata. If you want to proceed: inspect and, if appropriate, modify scripts/coze_image_skill.py to (a) remove or change the default IMAGE_API_URL to a known-good endpoint, (b) restrict URL extraction/validation to expected domains or paths, and (c) review how debug info (project/session IDs) is returned so you don't unintentionally leak identifiers. If you are unsure, don't install the skill or test it in an isolated environment first.

功能分析

Type: OpenClaw Skill Name: coze-image Version: 1.0.0 The skill is configured to send the user's sensitive `IMAGE_API_TOKEN` to a specific, non-standard Coze subdomain (`6fj9k4p9x3.coze.site`) by default, as seen in `SKILL.md` and `scripts/coze_image_skill.py`. While Coze is a legitimate platform, this specific endpoint is a user-published bot rather than the official Coze API (api.coze.com), meaning the bot owner could potentially capture any tokens provided by users. This pattern of directing credentials to a third-party controlled endpoint is a high-risk configuration, though it lacks definitive proof of malicious intent.

能力评估

ℹ Purpose & Capability

The code (scripts/coze_image_skill.py) implements text-to-image via a Coze SSE endpoint and returns Base64 images, which matches the skill's stated purpose. However the published registry metadata stated 'no required env vars' while SKILL.md and the code require IMAGE_API_TOKEN (and default project/session IDs and an endpoint). Also package.json lists a Python dependency ('requests') in a Node manifest, which is inconsistent and unnecessary for the declared Python implementation.

⚠ Instruction Scope

SKILL.md and the code instruct the agent to POST to a configurable SSE endpoint, parse SSE events, extract any HTTP URL found in arbitrary fields, then download that URL and convert it to Base64. Extracting and fetching arbitrary URLs from upstream text can lead to unexpected network fetches (including internal or private addresses if the SSE contains them). The instructions do not read local files or other env vars, but they do permit the skill to fetch arbitrary external resources returned by the upstream service.

ℹ Install Mechanism

There is no install spec (instruction-only), so nothing is automatically downloaded at install time — lower install risk. However package.json includes 'autoUpdate': true and a dependency listed as 'requests' (a Python library) in a Node package manifest, which is inconsistent and may indicate sloppy packaging or confusion about install/update mechanisms.

⚠ Credentials

The skill reasonably needs an API token for the Coze service, which is declared in SKILL.md, but the registry metadata didn't mark any required env vars — an inconsistency. The SKILL.md and code also ship with hard-coded defaults for IMAGE_API_URL, IMAGE_API_PROJECT_ID, and IMAGE_API_SESSION_ID pointing at a specific third-party domain and IDs. Having a default endpoint baked in is risky: if users do not override it, the skill will make network requests to that host. Require only the API token would be proportional; shipping a default external endpoint and project/session IDs without explanation is concerning.

✓ Persistence & Privilege

The skill does not request always:true and does not modify other skills' configuration. It can be invoked autonomously (default), which is normal for skills; nothing here elevates persistence or privilege beyond typical skill behavior.

版本历史

v1.0.0

- Initial release of coze-image skill for image generation via Coze AI platform. - Supports text-to-image generation with automatic Base64 encoding for inline preview. - Handles complete workflow: prompt submission, SSE response parsing, image download, and Base64 conversion. - Flexible authentication using API token (inline or via environment variables). - Features robust error handling and optional debug mode. - Easy installation and setup through ClawHub.

元数据

Slug coze-image

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题

Coze Image Skill 是什么？

Generate images using Coze AI platform. Supports text-to-image generation with automatic Base64 encoding for inline preview. Use when you need to create imag... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 91 次。

如何安装 Coze Image Skill？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install coze-image」即可一键安装，无需额外配置。

Coze Image Skill 是免费的吗？

是的，Coze Image Skill 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Coze Image Skill 支持哪些平台？

Coze Image Skill 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Coze Image Skill？

由 pgyppp（@pgyppp）开发并维护，当前版本 v1.0.0。

Coze Image Skill