← 返回 Skills 市场
135
总下载
0
收藏
0
当前安装
8
版本数
在 OpenClaw 中安装
/install picwish-skills
功能描述
Root routing skill for PicWish (佐糖) image processing capabilities. Routes to: picwish-segmentation, picwish-face-cutout, picwish-upscale, picwish-object-remo...
安全使用建议
This package appears to do what it says — call PicWish APIs and save results. Before installing or invoking: 1) Provide PICWISH_API_KEY from a trusted source (or keep it only in environment variables if you don't want code reading ~/.openclaw/config.json). 2) Inspect any oc-workspace.mjs you keep at ~/.openclaw/workspace/scripts/ before using the skill — the skill may execute that script to determine output routing. 3) Result URLs returned by the API may contain short-lived auth tokens; treat them as sensitive and avoid pasting them into public places. 4) The skill requires Node ≥18 and will write files to your output directory (cwd/output, visual output under OPENCLAW_HOME, or ~/Downloads fallback); confirm those locations are acceptable. If you want minimal exposure, set PICWISH_API_KEY in the environment and remove or audit oc-workspace.mjs so the skill cannot run unexpected local code.
功能分析
Type: OpenClaw Skill
Name: picwish-skills
Version: 1.0.7
The skill bundle provides a well-structured integration for PicWish image processing APIs. It demonstrates high security awareness by implementing a robust path validation function in `scripts/run_task.mjs` that explicitly blacklists sensitive directories (e.g., .ssh, .aws, .gnupg) and restricts file access to specific image extensions. While the script can execute a local helper (`oc-workspace.mjs`), it includes safeguards to ensure the script resides within the user's home directory and uses `fs.realpathSync` to prevent symlink-based path traversal. The instructions in `SKILL.md` and the dedicated `SECURITY.md` are defensive, explicitly directing the AI agent to ignore prompt injection attempts and protect user credentials.
能力评估
Purpose & Capability
The skill routes to PicWish sub-skills and the packaged Node.js code implements HTTP requests to PicWish endpoints, polling, download, and local output handling. Declared file read/write/exec permissions (reading OpenClaw config, workspace scripts, writing outputs, executing node) are consistent with the described behavior.
Instruction Scope
Runtime instructions limit operations to resolving images, calling PicWish APIs, polling, and saving results. The code may execute a local helper script (~/.openclaw/workspace/scripts/oc-workspace.mjs) if present — this is intentionally user-managed to route outputs. Executing a user-controlled script is expected for workspace integration but is a potential escalation point if an attacker already controls that path; the code includes checks (restricting to OPENCLAW_HOME under the user's homedir and resolving realpath) which reduce risk.
Install Mechanism
There is no network install step or remote code download in the package metadata. The skill is distributed with Node.js source files and a package.json but no install script fetching external artifacts; no high-risk install URLs observed.
Credentials
The only required credential is PICWISH_API_KEY (with optional PICWISH_REGION). The code also respects optional PICWISH_BASE_URL and polling-related env vars (documented). It reads the OpenClaw config to obtain the API key when not provided via env — this is justified by the design and declared in SKILL.md/_meta.json.
Persistence & Privilege
Skill does not request always:true, does not persist itself or modify other skills, and only executes node (declared). It may run a user-managed oc-workspace helper but only under safe path checks. Autonomous invocation is allowed by default (platform normal) and is not combined with other concerning flags.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install picwish-skills - 安装完成后,直接呼叫该 Skill 的名称或使用
/picwish-skills触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.7
fix: bugs
v1.0.6
fix: bugs
v1.0.5
fix: bugs
v1.0.4
fix: bugs
v1.0.3
fix: bugs
v1.0.2
fix: bugs
v1.0.1
fix: bugs
v1.0.0
Initial release: 11 image processing skills including segmentation, face cutout, upscale, object removal, watermark removal, ID photo, colorize, compress, OCR, smart crop, and clothing segmentation.
元数据
常见问题
Picwish Skills 是什么?
Root routing skill for PicWish (佐糖) image processing capabilities. Routes to: picwish-segmentation, picwish-face-cutout, picwish-upscale, picwish-object-remo... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 135 次。
如何安装 Picwish Skills?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install picwish-skills」即可一键安装,无需额外配置。
Picwish Skills 是免费的吗?
是的,Picwish Skills 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Picwish Skills 支持哪些平台?
Picwish Skills 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Picwish Skills?
由 px94(@px94)开发并维护,当前版本 v1.0.7。
推荐 Skills