OllamaDiffuser Image generation
PassAudited by ClawScan on May 11, 2026.
Overview
This is a coherent local image-generation guide, but users should review the third-party Python installs and optional persistent Hugging Face token setup.
Before installing, confirm you trust the OllamaDiffuser and related Python packages, run installs in an isolated environment, approve any large model downloads, and only persist a Hugging Face token if you need gated models.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing these packages can run third-party code and add dependencies to the local Python environment.
The skill recommends installing unpinned third-party Python packages. This is expected for a local image-generation tool, but users are relying on external package code not included in the reviewed artifacts.
`pip install ollamadiffuser`; `pip install "ollamadiffuser[full]"`; `pip install "ollamadiffuser[mcp]"`; `CMAKE_ARGS="-DSD_METAL=ON" pip install stable-diffusion-cpp-python`
Install in a virtual environment, verify the package source, consider pinning versions, and approve package installs before letting the agent run them.
A persisted token could be exposed if shell config files are shared, backed up insecurely, or read by other local processes.
The skill documents use of a Hugging Face token for gated models and suggests persisting it in shell startup files. This is purpose-aligned, but it makes the token available to future shell sessions and local processes.
`export HF_TOKEN=your_token_here` (Add to `.bashrc` or `.zshrc` for persistence).
Use a least-privilege Hugging Face token, avoid persisting it unless needed, keep shell config files private, and revoke the token if it is exposed.