← 返回 Skills 市场
lizhijun

Pixshop Creative API — Developer REST Endpoints

作者 KLeo · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
376
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install pixshop-creative-api
功能描述
Pixshop 开发者 REST API — 图片生成/编辑、视频制作、提示词库、应用市场、社区 / Pixshop Developer REST API — image generation/editing, video, prompts, apps, community endpoints. Use when...
安全使用建议
This skill is largely a documentation page for Pixshop's REST endpoints, but it demonstrates ways to obtain tokens (installing a CLI and reading ~/.pixshop-config.json) without declaring required credentials. Before installing or enabling it: - Verify the skill's source or official Pixshop docs (no homepage/source provided here). - Prefer providing an explicit PIXSHOP_TOKEN environment variable rather than letting the agent run shell commands or read ~/.pixshop-config.json. - If you do not want the agent to access local files or run commands, remove or restrict allowed-tools (Bash/Read) or disable autonomous invocation for this skill. - If you consider installing the 'pixshop' npm CLI, review that package and its maintainers first (npm install -g runs code). - Be cautious with the Supabase examples: they reference apikeys and auth endpoints — never expose service anon/secret keys unless you intend to. If you want a low-risk integration, ask the skill author to declare required env vars (token) and remove instructions that encourage reading local config files or installing third-party CLIs.
功能分析
Type: OpenClaw Skill Name: pixshop-creative-api Version: 1.0.0 The skill bundle provides documentation for the Pixshop Creative API but requires high-risk capabilities that expand the agent's attack surface. Specifically, SKILL.md instructs the agent to use 'Bash' to install a global NPM package (npm install -g pixshop) and 'Read' to access a local configuration file (~/.pixshop-config.json) to retrieve an access token. While these actions are plausibly needed for the stated purpose of a developer tool, the reliance on shell execution and direct filesystem access to sensitive configuration data is classified as suspicious according to the provided security criteria.
能力评估
Purpose & Capability
The name/description match the SKILL.md content (REST endpoints for Pixshop). However, the instructions demonstrate auth acquisition (CLI login and reading ~/.pixshop-config.json, Supabase auth examples) even though the skill declares no required environment variables or primary credential. A REST-integration skill would normally declare a token env var (e.g., PIXSHOP_TOKEN).
Instruction Scope
SKILL.md contains explicit examples that read local configuration (cat ~/.pixshop-config.json) and install/run a 'pixshop' CLI. The skill header allows Bash and Read tools, which combined with those examples means the agent could be instructed to access local files/execute shell commands to obtain tokens. That expands scope beyond merely describing HTTP endpoints and could lead to unintended credential exposure.
Install Mechanism
This is instruction-only (no install spec, no code files). That is low-risk from an installation-perspective because nothing is downloaded or written by the skill itself.
Credentials
The API clearly requires an Authorization Bearer token, and examples reference an accessToken and Supabase apikey, but the skill declares no required env vars or primary credential. The absence of declared credentials is disproportionate to the documented auth needs and makes it unclear how the agent should obtain/store tokens safely.
Persistence & Privilege
always is false (normal). The skill allows Bash and Read in its header, enabling runtime shell and file reads; this is not inherently malicious but increases the blast radius if the agent is allowed to execute autonomously. No evidence the skill requests permanent presence or modifies other skills.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install pixshop-creative-api
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /pixshop-creative-api 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
Slug pixshop-creative-api
版本 1.0.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Pixshop Creative API — Developer REST Endpoints 是什么?

Pixshop 开发者 REST API — 图片生成/编辑、视频制作、提示词库、应用市场、社区 / Pixshop Developer REST API — image generation/editing, video, prompts, apps, community endpoints. Use when... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 376 次。

如何安装 Pixshop Creative API — Developer REST Endpoints?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install pixshop-creative-api」即可一键安装,无需额外配置。

Pixshop Creative API — Developer REST Endpoints 是免费的吗?

是的,Pixshop Creative API — Developer REST Endpoints 完全免费(开源免费),可自由下载、安装和使用。

Pixshop Creative API — Developer REST Endpoints 支持哪些平台?

Pixshop Creative API — Developer REST Endpoints 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Pixshop Creative API — Developer REST Endpoints?

由 KLeo(@lizhijun)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论