← 返回 Skills 市场
101
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install test-security
功能描述
AI image generation, editing, and background removal API via Bria.ai — remove backgrounds to get transparent PNGs and cutouts, generate images from text prom...
安全使用建议
This skill otherwise looks like a standard Bria.ai client, but there are disclosure gaps you should resolve before installing. Specifically:
- The SKILL.md and bria_client.sh expect an API key (BRIA_API_KEY / BRIA_ACCESS_TOKEN) and will read ~/.bria/credentials, but the registry metadata lists no required env vars or config paths — ask the publisher to update metadata to declare these explicitly.
- The helper script uses curl, base64, sed and writes temporary files to /tmp; confirm those binaries are available in the environment where the skill will run and that temporary file usage is acceptable.
- The skill will direct users to external endpoints (engine.prod.bria-api.com and platform.bria.ai/device/verify). Verify those domains are legitimate for your organization and that sending images (or base64-encoded image data) to them complies with your data policies.
- If you plan to install, put the minimum-privilege API key into a secrets manager or dedicated account, not into a broadly accessible account. Test the skill in an isolated environment first, and ask the publisher for a homepage or official source (none is provided) to validate authenticity.
If the publisher can correct metadata to list BRIA_API_KEY/BRIA_ACCESS_TOKEN and the ~/.bria credential path (and document the required local binaries), the skill would be internally coherent; until then proceed cautiously.
功能分析
Type: OpenClaw Skill
Name: test-security
Version: 1.0.0
The skill bundle provides a legitimate integration for the Bria.ai image generation and editing API. It includes a shell-based client (bria_client.sh) that handles authentication via OAuth2 device flow and manages API requests, including base64 encoding of local images for processing. Credentials are stored locally in ~/.bria/credentials, and all network traffic is directed to the official Bria.ai production endpoints (engine.prod.bria-api.com). The instructions in SKILL.md are well-structured for an AI agent and do not contain any malicious prompt injection or unauthorized data exfiltration logic.
能力评估
Purpose & Capability
The skill's name, description, SKILL.md, API reference, and helper script all describe Bria.ai image generation and background removal — that purpose is consistent with the code. However, the registry metadata lists no required environment variables or config paths, yet the SKILL.md and bria_client.sh explicitly read ~/.bria/credentials and expect BRIA_API_KEY/BRIA_ACCESS_TOKEN. The absence of declared credentials/config-path requirements in metadata is an inconsistency.
Instruction Scope
Runtime instructions and the included bash helper explicitly read ~/.bria/credentials, poll auth endpoints, write temporary JSON files to /tmp, and send images (or base64-encoded image data) to engine.prod.bria-api.com. Reading a local credentials file and using an API key is expected for an API integration, but the SKILL.md also instructs the agent how to authenticate (device flow) and to show a single sign-in link — these behaviors expand runtime scope and should be disclosed in metadata.
Install Mechanism
This is an instruction-only skill with no install spec and one helper script. No remote downloads or install-time code execution are present, so install-time risk is low.
Credentials
The skill needs an API key (BRIA_API_KEY / BRIA_ACCESS_TOKEN) and reads ~/.bria/credentials to retrieve it — that is proportionate to calling the Bria API. However, the skill did not declare a primary credential or required env vars/config paths in its registry metadata, which is a disclosure gap. Also, the helper script assumes presence of curl, base64, sed and writes temporary files to /tmp; these runtime expectations are not declared in metadata.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and does not persist configuration beyond creating ~/.bria/credentials during device auth. No elevated persistence or cross-skill modifications observed.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install test-security - 安装完成后,直接呼叫该 Skill 的名称或使用
/test-security触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the test-security skill, providing the bria-ai image generation and editing API.
- Enables background removal, image generation from prompts, editing, upscaling, and batch processing through Bria.ai.
- Detailed setup instructions for authentication, access token management, and billing status checking included.
- Commercially safe and royalty-free outputs via 20+ API endpoints tailored for e-commerce, web design, and content creation.
- Comprehensive usage guide and examples for product photography, social media, marketing assets, restoration, and automated pipelines.
元数据
常见问题
Don't download 是什么?
AI image generation, editing, and background removal API via Bria.ai — remove backgrounds to get transparent PNGs and cutouts, generate images from text prom... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 101 次。
如何安装 Don't download?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install test-security」即可一键安装,无需额外配置。
Don't download 是免费的吗?
是的,Don't download 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Don't download 支持哪些平台?
Don't download 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Don't download?
由 Levdavid1(@levdavid1)开发并维护,当前版本 v1.0.0。
推荐 Skills