Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

pick your

Generates multi-themed food collages (Burgers, Pizzas, Sushi, Salads, Desserts) with circle-masked images. Use when user asks for a collage of specific food...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 167 · 0 current installs · 0 all-time installs
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
[!] Purpose & Capability
The SKILL.md and make_wings_collage.py describe generating collages from local images (wings_style_collages/...). However the repository also contains scripts/generate_image.py which calls an external Cloudflare Workers AI endpoint and embeds a hard-coded ACCOUNT_ID and TOKEN. The skill declares no required credentials or network use, so the presence of hard-coded secrets and an external API client is disproportionate and unexplained.
[!] Instruction Scope
SKILL.md instructs running make_wings_collage.py from an absolute workspace path and does not mention generate_image.py or any external network activity. generate_image.py, however, runs a shell curl command (via subprocess.run with shell=True), writes to /tmp, decodes base64 responses to files, and contains hard-coded credentials — behavior outside the stated scope and not documented in SKILL.md.
Install Mechanism
There is no install spec (instruction-only), which is low risk in itself. However the included scripts can be executed directly; generate_image.py executes a shell curl command. No external archives or unusual installers are present.
[!] Credentials
The skill declares no required environment variables or credentials, yet generate_image.py contains a clear hard-coded ACCOUNT_ID and TOKEN (sensitive secrets) embedded in the code. This is disproportionate and risky: credentials should not be hard-coded, and any external API access should be declared and scoped.
Persistence & Privilege
Flags show always:false and user-invocable:true (normal). The skill does not request permanent presence or claim to modify other skills or system-wide settings.
What to consider before installing
Do not run or deploy this skill without remediation. Specific steps to consider before installing:

1) Treat the hard-coded ACCOUNT_ID and TOKEN as sensitive — assume they are valid and could be used to consume or exfiltrate resources; remove the file or the credentials immediately.
2) Ask the author why generate_image.py is included and why it contains an embedded token; require replacing hard-coded creds with a documented environment variable and minimal-scope credentials.
3) If the token is yours, rotate/revoke it now.
4) If you must test, run only make_wings_collage.py in an isolated sandbox and verify it uses local image files (wings_style_collages/...).
5) Prefer skills with clear provenance (homepage, source repo) and documented external API usage.
6) Consider deleting or auditing generate_image.py (it uses shell=True curl and writes to /tmp) before allowing the skill to run in any privileged environment.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0
latest: vk978fa7q7h76tcgs07zb027v9s82qjz7

SKILL.md

Pick Your

This skill generates high-quality food collages based on predefined themes.

Usage

Use the make_wings_collage.py script to generate collages.

python3 /root/.openclaw/workspace/skills/pick-your/scripts/make_wings_collage.py

Features

  • Collage Layout: Generates a 3x3 grid of circular-masked images.
  • Dynamic Titles: Automatically handles "PICK [X] [THEME]" titles.
  • Customizable: Handles themes like Burgers, Pizzas, Sushi, Salads, and Desserts.

Themes

  • Gourmet_Burgers
  • Artisan_Pizzas
  • Sushi_Rolls
  • Healthy_Salads
  • Dessert_Delights

Files

3 total