← 返回 Skills 市场
965
总下载
0
收藏
10
当前安装
1
版本数
在 OpenClaw 中安装
/install pollinations-image
功能描述
Generate detailed images from text prompts using Pollinations.ai models with optional configuration, model selection, and advanced settings.
安全使用建议
This skill appears to implement a Pollinations image generator and is readable, but exercise caution before installing: 1) The scripts load .env files from the skill parent directory and the current working directory — move or audit any .env files that contain secrets so unrelated credentials aren't picked up. 2) The env loader uses eval to probe variables; untrusted .env contents could be risky—inspect .env files before running. 3) The scripts assume common CLI tools (curl, file, stat/realpath, sed, grep; python3 optional) but the metadata didn't declare these—ensure your environment provides them. 4) If you want to limit exposure, run the skill in an isolated directory or container, and don't keep sensitive keys in parent or current-directory .env files. Reviewing the provided generate.sh and lib/models.sh (they are included) is a good first step; if you need lower risk, ask the maintainer to remove loading of ../.env and $PWD/.env or to explicitly document required binaries and environment behavior.
功能分析
Type: OpenClaw Skill
Name: pollinations-image
Version: 1.0.0
The `generate.sh` script is classified as suspicious primarily due to its use of `eval` to execute the `curl` command for image generation. While attempts are made to sanitize inputs (e.g., URL encoding prompts, using `basename` for filenames), `eval` is a high-risk primitive that introduces a shell injection vulnerability if any part of the command string is not perfectly escaped or controlled. Additionally, the script attempts to load environment variables from `"$SCRIPT_DIR/../.env"`, which could inadvertently load an `.env` file from an unexpected parent directory, leading to unintended configuration or credential exposure. These are significant vulnerabilities, not clear malicious intent.
能力评估
Purpose & Capability
Name/description match the included scripts: the code implements an image generator targeting Pollinations.ai. However the metadata declared no required binaries while the scripts clearly depend on common CLI tools (curl, file, stat/realpath, date, grep, sed, possibly python3). That mismatch is not dangerous on its own but is a coordination inconsistency the user should be aware of.
Instruction Scope
SKILL.md instructs local use and an optional .env in the skill dir, but generate.sh reads environment files from SCRIPT_DIR/../.env and from $PWD/.env (broader than the documentation). The loader exports every key/value it finds and uses eval to check whether a variable is already set. Loading and eval-ing arbitrary .env content can pick up unrelated secrets from parent/current directories and creates risk of accidental variable exposure or injection if those files are untrusted.
Install Mechanism
No install spec is present (instruction-only + shell scripts). No remote downloads or archive extraction occur. This is low risk compared to skills that fetch and run arbitrary code.
Credentials
Declared requirements list no credentials, which matches API key being optional. But the script will load and export any key=value pairs found in ../.env and $PWD/.env — potentially pulling unrelated secrets into the process. It also will send POLLINATIONS_API_KEY as a Bearer header if present. Requesting no env variables is reasonable for an optional key, but the implicit reading of other .env files is disproportionate to the stated purpose.
Persistence & Privilege
The skill creates and writes its own files (.user.conf, .first-run-complete) and writes generated images to $HOME/.openclaw/workspace/outputs/pollinations-image. This is normal for a CLI tool and not over-privileged, but the hard-coded OUTPUT_DIR under $HOME/.openclaw is a persistent path you may want to review or change.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install pollinations-image - 安装完成后,直接呼叫该 Skill 的名称或使用
/pollinations-image触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the Pollinations Image Generation Skill.
- Generate images easily from the command line using Pollinations.ai.
- Supports model switching, persistent user configuration, and model comparison by quality, speed, and cost.
- Offers 5,000 free images per month via pollen grants.
- Modular and extensible design with simple setup and clear documentation.
- Includes scripts and examples for generating images, configuring defaults, and adding new models.
元数据
常见问题
Pollinations Image Generator 是什么?
Generate detailed images from text prompts using Pollinations.ai models with optional configuration, model selection, and advanced settings. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 965 次。
如何安装 Pollinations Image Generator?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install pollinations-image」即可一键安装,无需额外配置。
Pollinations Image Generator 是免费的吗?
是的,Pollinations Image Generator 完全免费(开源免费),可自由下载、安装和使用。
Pollinations Image Generator 支持哪些平台?
Pollinations Image Generator 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Pollinations Image Generator?
由 Aprilox(@aprilox)开发并维护,当前版本 v1.0.0。
推荐 Skills