expysf98

pick your

Author: EXPYSF98 · GitHub · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
361 total downloads · 0 favorites · 0 current installs · 1 version
Install in OpenClaw
/install pick-your
Description
Generates multi-themed food collages (Burgers, Pizzas, Sushi, Salads, Desserts) with circle-masked images. Use when user asks for a collage of specific food...
Security recommendations
Do not run or deploy this skill without remediation. Specific steps to consider before installing:
  1. Treat the hard-coded ACCOUNT_ID and TOKEN as sensitive: assume they are valid and could be used to consume or exfiltrate resources; remove the file or the credentials immediately.
  2. Ask the author why generate_image.py is included and why it contains an embedded token; require replacing hard-coded creds with a documented environment variable and minimal-scope credentials.
  3. If the token is yours, rotate/revoke it now.
  4. If you must test, run only make_wings_collage.py in an isolated sandbox and verify it uses local image files (wings_style_collages/...).
  5. Prefer skills with clear provenance (homepage, source repo) and documented external API usage.
  6. Consider deleting or auditing generate_image.py (it uses shell=True curl and writes to /tmp) before allowing the skill to run in any privileged environment.
Functional analysis
Type: OpenClaw Skill
Name: pick-your
Version: 1.0.0
The skill contains a significant shell injection vulnerability in `scripts/generate_image.py` where user-provided prompts are unsafely interpolated into a `subprocess.run` call using `shell=True`. Additionally, the same file contains hardcoded Cloudflare API credentials (ACCOUNT_ID and TOKEN). While the skill's stated purpose of generating food collages in `scripts/make_wings_collage.py` appears legitimate, these security flaws allow for potential remote code execution and credential misuse.
Capability assessment
Purpose & Capability
The SKILL.md and make_wings_collage.py describe generating collages from local images (wings_style_collages/...). However the repository also contains scripts/generate_image.py which calls an external Cloudflare Workers AI endpoint and embeds a hard-coded ACCOUNT_ID and TOKEN. The skill declares no required credentials or network use, so the presence of hard-coded secrets and an external API client is disproportionate and unexplained.
Instruction Scope
SKILL.md instructs running make_wings_collage.py from an absolute workspace path and does not mention generate_image.py or any external network activity. generate_image.py, however, runs a shell curl command (via subprocess.run with shell=True), writes to /tmp, decodes base64 responses to files, and contains hard-coded credentials — behavior outside the stated scope and not documented in SKILL.md.
Install Mechanism
There is no install spec (instruction-only), which is low risk in itself. However the included scripts can be executed directly; generate_image.py executes a shell curl command. No external archives or unusual installers are present.
Credentials
The skill declares no required environment variables or credentials, yet generate_image.py contains a clear hard-coded ACCOUNT_ID and TOKEN (sensitive secrets) embedded in the code. This is disproportionate and risky: credentials should not be hard-coded, and any external API access should be declared and scoped.
Persistence & Privilege
Flags show always:false and user-invocable:true (normal). The skill does not request permanent presence or claim to modify other skills or system-wide settings.
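How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the dialog box: /install pick-your
  3. Once installation completes, call the Skill by name or trigger it with /pick-your
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history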
v1.0.0
- Initial release of the "Pick Your" skill.
- Generates 3x3 food collages with circular-masked images for selected themes.
- Supports customizable titles like "PICK [X] [THEME]" automatically.
- Features curated themes: Gourmet Burgers, Artisan Pizzas, Sushi Rolls, Healthy Salads, and Dessert Delights.
- Includes a script for easy collage generation.
Metadata
Slug pick-your
Version 1.0.0
License MIT-0
Total installs 0
Current installs 0
Historical versions 1
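FAQ

What is pick your?

Generates multi-themed food collages (Burgers, Pizzas, Sushi, Salads, Desserts) with circle-masked images. Use when user asks for a collage of specific food... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 361 cumulative downloads so far.

How do I install pick your?

Run the command "/install pick-your" in the OpenClaw or Claude Code dialog box to install it in one step; no additional configuration is needed.

Is pick your free?

Yes, pick your is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does pick your support?

pick your runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed pick your?

It is developed and maintained by EXPYSF98 (@expysf98); the current version is v1.0.0.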
