Visual Prompt Engine

Generate diverse, non-repetitive image prompts powered by real visual references from Dribbble and design platforms. USE WHEN: user wants an image prompt, ne...

This skill is internally consistent and low-risk in terms of requested privileges, but review these practical points before installing: (1) The scraper fetches data from Dribbble — ensure you are comfortable with scraping and any site terms of service; (2) The agent is instructed to 'view' image_url entries, which will make the agent fetch remote images and could cause those images to be sent to external vision or LLM services if your agent is configured to do so (be careful with copyrighted content and privacy); (3) SKILL.md mentions data/prompt_history.json but that file isn't included — you may need to create it or handle deduplication yourself to avoid errors; (4) Optional dependencies (requests, beautifulsoup4) are standard but only needed for HTML scraping; (5) If you enable browser automation tools for scraping, avoid granting them unnecessary credentials. If you want higher assurance, run the scripts manually in a sandbox, review/curate the data/ files, and verify where any image analysis traffic is sent.

Type: OpenClaw Skill Name: visual-prompt-engine Version: 1.0.0 The OpenClaw AgentSkills skill bundle 'visual-prompt-engine' is classified as benign. All code and documentation are aligned with the stated purpose of generating diverse image prompts using visual references. The Python scripts (`scrape_dribbble.py`, `style_card.py`) perform legitimate web scraping (from Dribbble) and local file operations within the skill's data directory. Instructions in `SKILL.md` and `references/*.md` guide the AI agent to read local files and compose prompts, without any evidence of prompt injection designed to subvert the agent's core function, exfiltrate data, establish persistence, or execute unauthorized commands. While a general vulnerability for path traversal exists if an agent were to pass unsanitized user input to script arguments like `--output` or `--import-file`, the skill itself does not construct or instruct the use of such malicious paths, making it a vulnerability of the agent's execution environment rather than an intentional malicious act by the skill.