← 返回 Skills 市场
icesumer-lgtm

通义万相 2.5D 横幅插画

作者 icesumer-lgtm · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
573
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install wenxiang-2d5-banner
功能描述
Generate/edit images with Nano Banana Pro (Gemini 3 Pro Image). Use for image create/modify requests incl. edits. Supports text-to-image + image-to-image; 1K...
安全使用建议
Do not install or run this skill yet. Steps to safely proceed if you want this capability: 1) Ask the author for a minimal package: SKILL.md + the single generate_image.py script. The skill bundle should not include unrelated workspace files or backups. 2) Require that the skill metadata explicitly list GEMINI_API_KEY as a required env var (primary credential) and update the install/usage paths to match actual file locations. 3) Manually inspect the generate_image.py script before running: search for network endpoints, hard-coded secrets, base64/obfuscated blobs, file reads/writes beyond working directory, and any code that uploads files to unknown servers. 4) Remove any files exposing secrets (the manifest includes a backup file with many API keys/app secrets). Treat those as compromised and rotate those credentials if they are yours. 5) If you must test, run the script in a disposable/sandboxed environment (isolated VM or container) with a throwaway Gemini key and no access to other credentials or sensitive files. Monitor outbound network traffic during a first run. 6) If SKILL.md still contains prompt-injection artifacts (ignore-previous-instructions, base64 blocks, hidden unicode), do not use it; request a cleaned SKILL.md and a clear explanation of why those patterns are present. Summary: the skill's stated scope is plausible, but metadata mismatches, embedded unrelated files and exposed secrets, and prompt-injection signals make this package unsafe until cleaned and the single image-generation script is independently reviewed.
功能分析
Type: OpenClaw Skill Name: wenxiang-2d5-banner Version: 1.0.0 The bundle appears to be a full workspace dump rather than a focused skill, containing a massive amount of sensitive data including hardcoded API keys for Aliyun, Feishu, and other services in files such as 'openclaw.json', 'fetch_feishu_docs.py', and various test scripts. It includes high-privilege logic like the 'feishu-multi-agent-manager', which can modify the core 'openclaw.json' configuration, and 'autonomous-thinking.js', which allows the agent to rewrite its own memory and logs. While these features align with the stated goal of a 'self-improving' agent, the presence of leaked credentials and the ability to perform broad system and configuration modifications pose a significant security risk.
能力评估
Purpose & Capability
Name/description claim a single image-generation/editing helper for Gemini (Nano Banana Pro), but the bundle includes hundreds of unrelated files (agents, dashboards, backups, credentials). The SKILL.md expects an API key (GEMINI_API_KEY) yet registry metadata lists no required env vars. The usage examples reference an absolute path (~/.codex/skills/nano-banana-pro/scripts/generate_image.py) that does not match the manifest paths (files live in various scripts/ and clawhub skills/ locations). Requiring or shipping unrelated system config and many auxiliary tools is disproportionate to a small image-generation skill.
Instruction Scope
SKILL.md instructs running a local Python script with an API key and to run from the user's CWD. It explicitly checks GEMINI_API_KEY, but the registry declares none — a metadata/instruction mismatch. The pre-scan flags indicate prompt-injection patterns present in SKILL.md (ignore-previous-instructions, base64-block, unicode-control-chars), which is unexpected for a simple CLI usage document and could indicate an attempt to manipulate agents that read SKILL.md. The instructions otherwise limit scope to calling Gemini and saving PNGs, but the included repository contains code and files that the instructions do not mention (possible scope creep).
Install Mechanism
No install spec (instruction-only) which normally reduces install-time risk. However, the package contains many code files (scripts/generate_image.py plus hundreds of other files). Because there is no defined install, SKILL.md relies on running a script from a hard-coded absolute path under the user's home; that mismatch increases accidental-execution risk (user may run an unexpected local script). No remote download URLs were found in the provided SKILL.md, which is good, but the presence of a large workspace shipped with the skill is inconsistent with 'instruction-only' and should be clarified.
Credentials
SKILL.md expects an API key (GEMINI_API_KEY or --api-key) but the registry lists no required env vars or primary credential — metadata omission. Additionally, the file manifest includes explicit credential-like values (e.g., appSecret, apiKey) in backup files, which are unrelated to the stated image-generation purpose and increase the risk of accidental exposure or misuse. The skill should only ask for the single API key needed for Gemini; extra exposed keys in the bundle are disproportionate and suspicious.
Persistence & Privilege
always is false and there is no install spec requesting permanent presence or elevated privileges. The skill does not request to auto-enable itself or modify other skills. Autonomous invocation remains allowed (platform default) but is not combined with 'always: true' or other high-privilege indicators.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install wenxiang-2d5-banner
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /wenxiang-2d5-banner 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
初始版本:支持严格 2.5D 等距视角横幅插画生成(1280*790),自动发送到飞书聊天框
元数据
Slug wenxiang-2d5-banner
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

通义万相 2.5D 横幅插画 是什么?

Generate/edit images with Nano Banana Pro (Gemini 3 Pro Image). Use for image create/modify requests incl. edits. Supports text-to-image + image-to-image; 1K... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 573 次。

如何安装 通义万相 2.5D 横幅插画?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install wenxiang-2d5-banner」即可一键安装,无需额外配置。

通义万相 2.5D 横幅插画 是免费的吗?

是的,通义万相 2.5D 横幅插画 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

通义万相 2.5D 横幅插画 支持哪些平台?

通义万相 2.5D 横幅插画 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 通义万相 2.5D 横幅插画?

由 icesumer-lgtm(@icesumer-lgtm)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 留言讨论