← 返回 Skills 市场
158
总下载
0
收藏
0
当前安装
5
版本数
在 OpenClaw 中安装
/install nasplycc-clawra-selfie
功能描述
Generate Clawra-style selfie images with a Qwen-first image backend (with optional Gemini and HF fallback) and send them to messaging channels via OpenClaw.
安全使用建议
Before installing or running this skill: 1) Review and set required API keys (QWEN_API_KEY or HF_TOKEN; GEMINI_API_KEY only if you enable Gemini). The registry metadata incorrectly lists no required env vars—trust the SKILL.md/scripts instead. 2) Inspect scripts before running any curl|bash installer; prefer cloning the GitHub repo with git and review install.sh. 3) Update the hard-coded paths (/home/Jaben/...) in scripts/ts to match your system (or install under that exact path) to avoid accidental access to other directories or failures. 4) Store API tokens with least privilege and separate tokens for demo/testing; avoid reusing high-privilege keys. 5) Consider running the skill in an isolated account/container and keep private reference images out of public repos. 6) If you plan to reuse the included TypeScript wrapper, change the absolute script path to a relative or configurable location so it won't execute unintended files. If these issues are addressed (metadata fixed, paths parameterized, install guidance removed or made safer), the skill's risk would be much lower.
功能分析
Type: OpenClaw Skill
Name: nasplycc-clawra-selfie
Version: 1.1.3
The skill bundle is a functional tool for generating AI images using Qwen, Gemini, or Hugging Face APIs and routing them to messaging channels via OpenClaw. The code logic in 'clawra-selfie.sh' and 'clawra-selfie.ts' is transparent and aligns with the stated purpose of the skill. While the bundle contains hardcoded absolute paths referencing a specific user environment ('/home/Jaben/') and suggests a 'curl | bash' installation method in the README—both of which are poor security practices—there is no evidence of malicious intent, data exfiltration, or unauthorized system modification.
能力评估
Purpose & Capability
The skill's stated purpose (generate/send Clawra-style selfies) matches the code: it calls image backends (Qwen/Gemini/HF) and sends outputs via OpenClaw. However the registry metadata claims 'required env vars: none' and 'primary credential: none' while SKILL.md and scripts clearly require QWEN_API_KEY or HF_TOKEN (and optionally GEMINI_API_KEY). This mismatch between declared requirements and actual runtime needs is an incoherence the user should be aware of.
Instruction Scope
SKILL.md and scripts instruct reading/writing workspace files and reference explicit absolute paths under /home/Jaben/.openclaw/workspace-clawra-bot/... and OUTPUT_DIR defaults to /home/Jaben/.openclaw/... The TypeScript wrapper also calls an absolute script path (/home/Jaben/.openclaw/skills/clawra-selfie/scripts/clawra-selfie.sh). These hard-coded paths extend the skill's scope to a specific user's filesystem and may fail or unintentionally access other files on different systems. The script will also send network traffic to third‑party APIs (DashScope/Qwen, Hugging Face, Gemini) which is expected but requires provided API keys.
Install Mechanism
There is no registry install spec, but an included scripts/install.sh clones the GitHub repo (standard), and README suggests a curl|bash one-liner that downloads the installer. 'curl | bash' style install is convenient but risky; the included install.sh itself uses git clone which is lower risk. No obscure download URLs or IPs are used, but running remote install scripts without review is a common vector for supply-chain issues.
Credentials
Requested credentials (QWEN_API_KEY, HF_TOKEN, optional GEMINI_API_KEY) are appropriate for image-generation backends and proportional to the skill's function. The problem is that the skill metadata in the registry does not declare these env vars, causing a transparency gap. Also the script will inherit and pass process.env through to child processes (normal), so be mindful of token exposure in logs or stdout/stderr.
Persistence & Privilege
The skill does not request always:true and doesn't modify other skills' config. It writes generated images to a workspace directory and reads possible reference images from hard-coded paths. Those write/read actions are expected for this functionality, but the hard-coded /home/Jaben paths create a persistence/privilege mismatch for other users and could cause accidental reads/writes in unexpected locations.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install nasplycc-clawra-selfie - 安装完成后,直接呼叫该 Skill 的名称或使用
/nasplycc-clawra-selfie触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.3
Prefer QWEN_API_KEY in README examples and quick-start
v1.1.2
Sync Qwen-first wording and remove outdated persona suffix
v1.1.1
Sync README with Qwen-first backend wording and refresh docs metadata
v1.1.0
Add Qwen backend, update README showcase, and sync official face assets
v1.0.0
Initial public release: HF-based OpenClaw selfie skill with README, install script, and ClawHub distribution.
元数据
常见问题
Clawra Selfie 是什么?
Generate Clawra-style selfie images with a Qwen-first image backend (with optional Gemini and HF fallback) and send them to messaging channels via OpenClaw. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 158 次。
如何安装 Clawra Selfie?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install nasplycc-clawra-selfie」即可一键安装,无需额外配置。
Clawra Selfie 是免费的吗?
是的,Clawra Selfie 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Clawra Selfie 支持哪些平台?
Clawra Selfie 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Clawra Selfie?
由 nasplycc(@nasplycc)开发并维护,当前版本 v1.1.3。
推荐 Skills