← 返回 Skills 市场
wangziiiiii

Image Generator

作者 wangziiiiii · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
369
总下载
1
收藏
2
当前安装
2
版本数
在 OpenClaw 中安装
/install siliconflow-image-generator
功能描述
SiliconFlow text-to-image and image-to-image generation for covers, posters, and campaign creatives. Use when users ask 生成配图/做海报/文生图/图生图. Supports prompt-dri...
安全使用建议
This skill appears to implement the described SiliconFlow image-generation functionality, but pay attention to a few issues before installing or running it: - Verify where it will look for your API key. The SKILL.md mentions ~/.openclaw/openclaw.json and environment variables (SILICONFLOW_API_KEY, API_KEY), but the scripts are hard-coded to E:/openclaw/.openclaw/openclaw.json (Windows absolute path). If you rely on automatic config discovery, confirm the script will actually find the correct file — otherwise set SILICONFLOW_API_KEY explicitly. - Review the bundled scripts yourself. They POST to api.siliconflow.cn, which is expected; they also read any image file you pass via image_path and base64-embed it for upload. Ensure you only supply files you intend to send. - The package has no install/spec for dependencies. The scripts require the Python 'requests' library; run them in a controlled Python environment (virtualenv) and install requests before use. - Because the scripts attempt to read a local OpenClaw config file, check that file for other secrets you would not want a third-party script to access. If you are uncertain, set the API key via environment variable instead of relying on auto-discovery. - If you do not trust the source (owner and homepage are unknown), run the scripts in an isolated environment (container/VM) or inspect/modify the code first. If you can confirm the config-path behavior and run in a controlled environment (or provide the API key via env var), the skill is functionally coherent. The hard-coded path, duplicated CONFIGS entries, and missing dependency declaration are the primary issues to address.
功能分析
Type: OpenClaw Skill Name: siliconflow-image-generator Version: 1.0.1 The skill provides image generation via the SiliconFlow API, but contains a significant vulnerability in `scripts/img2img.py`. The script reads arbitrary local files specified by the `image_path` parameter and sends their base64-encoded content to the external endpoint `api.siliconflow.cn`. While intended for image processing, this lacks path sanitization and could be exploited to exfiltrate sensitive system files. Additionally, both `scripts/img2img.py` and `scripts/txt2img.py` contain hardcoded Windows-specific absolute paths (`E:/openclaw/.openclaw/openclaw.json`) for credential harvesting from the OpenClaw configuration.
能力评估
Purpose & Capability
The scripts implement text-to-image and image-to-image calls to the declared SiliconFlow endpoint and model (https://api.siliconflow.cn/v1/images/generations, model Kwai-Kolors/Kolors), which matches the skill description. However, the code looks for OpenClaw configuration at a hard-coded Windows path (E:/openclaw/.openclaw/openclaw.json) while the SKILL.md tells users to use ~/.openclaw/openclaw.json; duplicate entries and the absolute E: drive path are inconsistent and unexpected. The scripts also include unrelated 'Related sites' links in the README (jisuapi), which are not needed for image generation.
Instruction Scope
The SKILL.md instructs the agent to run the provided Python scripts and to provide prompts and optional image inputs. The scripts read the image supplied by the user (image_path/image_base64/image_url) and will base64-embed a local image when image_path is used — this is expected behavior for image upload. The scripts also attempt to read an OpenClaw config file to discover an API key; that file read is limited to the configured path(s) but could expose any secrets stored there if present. There is no instruction or code that reads arbitrary other system files or transmits data to unexpected endpoints beyond SiliconFlow.
Install Mechanism
This is instruction-only (no installer) but includes Python scripts that depend on the 'requests' package. There is no install spec or dependency declaration to ensure 'requests' (or a specific Python version) is present. That is an operational omission (not necessarily malicious) but can cause runtime failures and surprises when users run the scripts. Having code bundled without a clear install/dependency step is a coherence problem.
Credentials
The only credentials the code tries to use are SILICONFLOW_API_KEY or API_KEY env vars, or an API key parsed from an OpenClaw config file. Those are proportionate to calling the remote image API. However, the code's hard-coded config path(s) may not match the user's real OpenClaw config location, and reading a local config file could surface other stored secrets if that file includes unrelated keys. The skill's registry metadata stated 'no required env vars' (i.e., none mandatory), which is consistent with the scripts supporting but not requiring environment variables.
Persistence & Privilege
The skill does not request permanent/always-on presence, does not modify other skills' configs, and does not request elevated platform privileges. It only contains runnable scripts and uses network calls to the SiliconFlow API — expected for this functionality.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install siliconflow-image-generator
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /siliconflow-image-generator 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Sync latest local fixes and docs
v1.0.0
Launch public skill with clearer landing copy
元数据
Slug siliconflow-image-generator
版本 1.0.1
许可证 MIT-0
累计安装 3
当前安装数 2
历史版本数 2
常见问题

Image Generator 是什么?

SiliconFlow text-to-image and image-to-image generation for covers, posters, and campaign creatives. Use when users ask 生成配图/做海报/文生图/图生图. Supports prompt-dri... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 369 次。

如何安装 Image Generator?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install siliconflow-image-generator」即可一键安装,无需额外配置。

Image Generator 是免费的吗?

是的,Image Generator 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Image Generator 支持哪些平台?

Image Generator 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Image Generator?

由 wangziiiiii(@wangziiiiii)开发并维护,当前版本 v1.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论