
Clawra Selfie

Author: wangzhi8145 · GitHub · v0.1.0
cross-platform ⚠ suspicious
Total downloads: 352
Favorites: 0
Current installs: 1
Versions: 1
Install in OpenClaw
/install skill-10
Description
Edit Clawra's reference image with Grok Imagine (xAI Aurora) and send selfies to messaging channels via OpenClaw
Security usage recommendations
Before installing:
  1. Note the SKILL.md requires FAL_KEY and OPENCLAW_GATEWAY_TOKEN but the registry metadata does not list them; ask the publisher to update metadata to declare required secrets.
  2. Understand what those secrets allow: FAL_KEY allows billed calls to fal.ai image-editing APIs; OPENCLAW_GATEWAY_TOKEN authorizes the OpenClaw gateway to send messages to channels (so treat it like a messaging credential). Only provide a minimal-scoped token and avoid sharing it.
  3. Confirm the OpenClaw gateway the skill will hit is local/trusted (the docs reference http://localhost:18789); if your gateway is reachable remotely, the risk increases.
  4. Consider policy/privacy issues: the skill generates realistic selfies (faces), which may have platform or legal restrictions.
  5. Because this is an instruction-only skill with no provenance (source/homepage unknown), prefer running it in an isolated/testing environment first and request the publisher to: declare required env vars in registry metadata, provide a trusted source/homepage, and document token scopes.
If you cannot verify those items, proceed cautiously or avoid installing.
Functional analysis
Type: OpenClaw Skill
Name: skill-10
Version: 0.1.0
The skill facilitates AI image editing and distribution but contains a shell injection vulnerability in its TypeScript implementation within SKILL.md. Specifically, the use of `child_process.exec` with unsanitized variables (`channel`, `messageCaption`) allows for arbitrary command execution if a user provides crafted input. While the behavior aligns with the stated purpose of using the fal.ai API (fal.run) and OpenClaw CLI, the lack of input sanitization in a high-privilege environment (requiring Bash and network access) poses a significant security risk.
Capability assessment
Purpose & Capability
The SKILL.md describes editing a fixed reference image via Fal.ai (Grok Imagine) and sending the result through OpenClaw — these requirements are coherent with the skill's description. However, the registry metadata lists no required environment variables or primary credential while the SKILL.md explicitly requires FAL_KEY and OPENCLAW_GATEWAY_TOKEN. That metadata mismatch is unexpected and reduces transparency.
Instruction Scope
The instructions are narrowly scoped: they (1) take a user prompt, (2) call fal.run/xai/grok-imagine-image/edit with a fixed public reference image, and (3) send the returned image URL to channels via the OpenClaw CLI or local gateway. The skill does not instruct reading unrelated files or system secrets. Note: the prompts focus on realistic selfies (face fully visible), which may have privacy/biometric policy implications depending on your environment.
Install Mechanism
This is an instruction-only skill with no install spec and no bundled code. No downloads or package installs are specified, so nothing is written to disk by the skill itself.
Credentials
The SKILL.md requires two environment values: FAL_KEY (Fal.ai API key) and OPENCLAW_GATEWAY_TOKEN (OpenClaw gateway token). Both are plausible for the described workflow, but the registry metadata did not declare these requirements. The gateway token in particular can authorize sending messages to arbitrary channels via the local OpenClaw API; if leaked or too-permissive, it could be abused. Also supplying FAL_KEY enables billable API calls. The absence of declared env vars in metadata is an incoherence that should be resolved before trusting the skill.
Persistence & Privilege
The skill does not set `always: true` and does not request persistent/privileged presence. It does instruct interacting with a local OpenClaw gateway but does not indicate modifying other skills or system-wide settings.
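How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install skill-10
  3. Once installation completes, invoke the Skill by name or trigger it with /skill-10
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history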
v0.1.0
Clawra Selfie skill initial release.
  - Enables editing of Clawra's reference image using Grok Imagine (xAI Aurora) based on user-specified context.
  - Automatically detects selfie mode ("mirror" or "direct") from user input.
  - Sends generated selfies to various messaging channels (WhatsApp, Telegram, Discord, Slack, etc.) via OpenClaw.
  - Provides Bash and Node.js/TypeScript example scripts for integration and automation.
  - Requires FAL API key and OpenClaw Gateway token to function.
Metadata
Slug: skill-10
Version: 0.1.0
License:
Total installs: 1
Current installs: 1
Number of versions: 1
FAQ

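What is Clawra Selfie?

Edit Clawra's reference image with Grok Imagine (xAI Aurora) and send selfies to messaging channels via OpenClaw. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 352 total downloads so far.

How do I install Clawra Selfie?

Run the command "/install skill-10" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.

Is Clawra Selfie free?

Yes, Clawra Selfie is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Clawra Selfie support?

Clawra Selfie runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Clawra Selfie?

It is developed and maintained by wangzhi8145 (@wangzhi8145); the current version is v0.1.0.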
