wujiaming88

Nova Canvas

Author: Garming · GitHub ↗ · v1.1.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 112
Favorites: 0
Current installs: 0
Versions: 2
Install in OpenClaw
/install nova-canvas
Description
Generate images using Amazon Nova Canvas via AWS Bedrock. Supports multiple AWS auth methods: environment variables, credentials file, named profiles, IAM in...
Security usage recommendations
This skill appears to do what it says: call AWS Bedrock Nova Canvas and save images. Before installing, consider: (1) provenance — the source is unknown, so review the code yourself or run in an isolated environment; (2) credentials — the script will use AWS credentials (env vars, ~/.aws/credentials, profiles, instance role, or AWS_BEARER_TOKEN_BEDROCK). Do not supply high-privilege or long-lived credentials; create a least-privilege IAM role/policy scoped only to Bedrock (invoke-model) and prefer temporary session tokens. (3) dependency — boto3 may be required for the boto3 path; ensure your environment has it or the script will fail. (4) confirm you trust the bearer token provider if using AWS_BEARER_TOKEN_BEDROCK. If you cannot verify the owner or restrict credentials, run the script in a sandbox or decline installation.
Functional analysis
Type: OpenClaw Skill
Name: nova-canvas
Version: 1.1.0
The nova-canvas skill is a functional tool for generating images via Amazon Nova Canvas on AWS Bedrock. The script (scripts/generate.py) correctly implements standard AWS authentication methods using boto3 and provides an alternative path for bearer tokens via urllib, all targeting official AWS Bedrock endpoints. No evidence of data exfiltration, malicious execution, or prompt injection was found.
Capability assessment
Purpose & Capability
Name/description say 'Nova Canvas via AWS Bedrock' and both SKILL.md and generate.py implement calls to Bedrock (boto3 or direct HTTPS with a bearer token). Requiring AWS credentials is appropriate for this purpose. However, the registry metadata lists no required environment variables or primary credential even though the implementation references AWS_BEARER_TOKEN_BEDROCK and standard AWS credential methods (env vars, ~/.aws/credentials, profiles, explicit keys). This mismatch is an omission in metadata (not necessarily malicious) but reduces transparency.
Instruction Scope
SKILL.md and the script limit actions to building a Bedrock text->image request, invoking the model, decoding base64 images, and saving them locally. The instructions do not ask the agent to read arbitrary unrelated files; the only OS/config access is the standard AWS credential chain (env vars, ~/.aws/credentials, instance role) which is required to authenticate to Bedrock. Minor mismatch: SKILL.md lists an auto-detection order that differs slightly from detect_auth_method in the script.
Install Mechanism
There is no install spec (instruction-only), which is low risk for supply-chain downloads. However, the script imports boto3 if using the boto3 path and prints an error if it's missing (suggests pip install boto3). The absence of dependency declaration in metadata is a transparency shortcoming — user must ensure boto3 is installed in the runtime environment.
Credentials
The skill legitimately needs AWS credentials to call Bedrock and the script accepts multiple auth methods (bearer token via AWS_BEARER_TOKEN_BEDROCK, access key/secret, session token, profile, instance role). That is proportional to the task. Concern: the registry metadata does not declare these environment variables or a primary credential, so users may not realize the skill will access local AWS credentials. Also the bearer-token env var name suggests platform-managed tokens; confirm what will supply that token. Use of long-lived high-privilege keys would be risky — the skill itself will send requests only to AWS Bedrock endpoints, but it will have whatever access the provided credentials permit.
Persistence & Privilege
always is false and the skill does not attempt to modify other skills, system-wide settings, or persist new credentials. It only writes output image files to the specified path and uses standard AWS credential resolution; no elevated persistence or privilege escalation is requested.
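How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install nova-canvas
  3. Once installation completes, call the Skill by name or trigger it with /nova-canvas
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history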
v1.1.0
Support 8 AWS auth methods: Bearer token, IAM keys, profiles, credentials file, instance roles, SSO, session tokens, direct keys. Fixed region default to us-east-1.
v1.0.0
Initial release: multi-provider image generation (AWS Bedrock Nova Canvas, OpenAI DALL-E/GPT-Image, Stability AI). Auto-detect credentials.
Metadata
Slug: nova-canvas
Version: 1.1.0
License: MIT-0
Total installs: 0
Current installs: 0
Number of versions: 2
FAQ

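What is Nova Canvas?

Generate images using Amazon Nova Canvas via AWS Bedrock. Supports multiple AWS auth methods: environment variables, credentials file, named profiles, IAM in... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 112 total downloads so far.

How do I install Nova Canvas?

Run the command "/install nova-canvas" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Nova Canvas free?

Yes, Nova Canvas is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does Nova Canvas support?

Nova Canvas runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Nova Canvas?

Developed and maintained by Garming (@wujiaming88); the current version is v1.1.0.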
