ClawHub

Generate images using Runware API

v1.0.0

Generate high-quality images on-demand via the Runware.ai API. This skill is the default image generator. Use it whenever the user asks to "generate an image...

0· 516·0 current·0 all-time
by@geeklord
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The repository contents (Python CLI script calling https://api.runware.ai/v1/tasks) match the stated purpose of generating images via Runware. However, the registry metadata declares no required environment variables or primary credential while the script clearly requires a RUNWARE_API_KEY. Several documentation claims conflict with the code (e.g., SKILL.md says images save to the user's Downloads folder by default, but the code defaults to a configurable default_output_dir and README refers to ~/runware_images). These mismatches are incoherent and should be clarified.
!
Instruction Scope
SKILL.md instructs the agent to 'Do NOT ask the user for the RUNWARE_API_KEY' and to 'Execute the script directly' without clarifying questions in most cases. The code, however, will prompt interactively for the API key if none is in the environment and enforces a prompt safety check that may abort generation (e.g., referencing teen/minor words). The instructions therefore overrule or contradict the script behavior and give the agent broad discretion to run the CLI immediately—this is risky and not fully consistent.
Install Mechanism
There is no install spec; this is essentially an instruction + included script bundle. Dependencies are minimal and declared in requirements.txt (requests, python-dotenv, pytest). No external downloads or obscure install URLs are used.
!
Credentials
The skill requires a Runware API key at runtime (RUNWARE_API_KEY) but the registry metadata lists no required env vars or primary credential—this is an important mismatch. The code loads .env from the skill directory and will also prompt for the key if absent; tests include an integration test gated on RUNWARE_API_KEY. The skill therefore needs a secret to function, and the documentation/inventory should declare that explicitly.
Persistence & Privilege
The skill does not request always:true and does not alter other skills. It does write to its own skill-config.json to persist last_output_dir and will create directories and write image files to the filesystem (default configurable path). This file-system persistence is expected for an image-saving CLI but note it will create and update files in the skill directory and create user output directories.
What to consider before installing
This skill appears to be a legitimate Runware image CLI, but there are several things to check before installing or allowing it to run autonomously: - RUNWARE_API_KEY is required at runtime but the registry metadata does not declare any required env vars. Provide the key securely (environment variable or secret manager) and do not store it in the repo. Verify the agent will not accidentally log or transmit the key elsewhere. - SKILL.md instructs agents to never ask for the API key and to execute the script immediately; the script will prompt for a key if missing. Decide whether you want the agent to run the CLI without clarifying questions—this could cause undesired generations. If unsure, disable autonomous invocation or require explicit user consent before running. - There are conflicting statements about default save location (SKILL.md says Downloads; README and code use default_output_dir ~/runware_images and the skill writes last_output_dir to skill-config.json). Confirm and, if desired, change the default output path in skill-config.json to a safe location, and be aware the script will persist last_output_dir by writing to the skill's config file. - The prompt safety check is simple string matching (e.g., blocks 'teen', '13', etc.). This is a basic filter and not a substitute for policy review—inspect validate_prompt if you need stricter or different behavior. - Review the code yourself (generate_image.py) to ensure there are no additional endpoints or telemetry, and run tests locally (pytest). The project has no external install URLs and uses common Python libs, which reduces supply-chain risk. If you are comfortable with an agent invoking a local script that will read a .env in the skill directory and write image files to disk, and you will provide RUNWARE_API_KEY via a secure mechanism, the inconsistencies appear to be sloppy documentation rather than malicious behavior. If you need autonomous generation to be tightly controlled, require explicit user approval before the skill executes or correct the metadata and SKILL.md so behavior matches exactly.

Like a lobster shell, security has layers — review code before you run it.

latestvk9755cqb477j1g50nsqq8v566h8170bz
516downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@geeklord
latest
Download

Runware Image Skill

Purpose

Provide a secure, documented, and testable integration for generating images via the Runware.ai Image Inference API.

IMPORTANT INSTRUCTIONS FOR AGENT:

  1. Do NOT ask the user for the RUNWARE_API_KEY. The script automatically loads it from the .env file in the skill directory.
  2. Do NOT ask clarifying questions (style, size, etc.) unless the user's prompt is extremely vague. For requests like "generate a man on the moon", use your best judgment for the prompt and run the script immediately.
  3. Execute the script directly. Do not propose it.

What it does

  • Send text-to-image tasks to Runware's task API (imageInference).
  • Support synchronous (sync) responses returning base64 image data and asynchronous workflows (webhook/polling) if required.
  • Save generated images to the user's Downloads folder by default.
  • Validate prompts for common safety issues (e.g., minors) before sending requests.

Included files

  • scripts/generate_image.py — Primary CLI script (Python 3.8+). Reads RUNWARE_API_KEY from environment, supports sync mode, size/format options, and output filename.
  • skill-config.json — default parameters (no secrets). Contains default_size and default_format.
  • SKILL.md — this metadata and usage file.

Security & secrets

  • DO NOT commit API keys. This skill requires RUNWARE_API_KEY to be provided via the environment when executed (export RUNWARE_API_KEY=...) or via a secure secret manager.
  • The packaged version uploaded to ClawHub must not include any API keys. Before publishing, confirm skill-config.json contains NO sensitive values.
  • The script performs simple prompt filtering; users should still follow platform content policies.

Usage (CLI)

  1. Install dependencies

    • pip install -r requirements.txt (The script uses requests and python-dotenv; keep requirements minimal.)

  2. Set your Runware API key. You can create a .env file in the skill directory: RUNWARE_API_KEY=your_key_here Or set it in your environment: $env:RUNWARE_API_KEY = "<YOUR_KEY>"

  3. Run the script (sync mode): python scripts/generate_image.py --prompt "A photorealistic adult portrait (age 25)" --sync --outfile "my_image.png"

  4. For non-sync workflows, omit --sync and implement webhook handling or polling as described in the Runware docs.

Configuration

  • skill-config.json fields:
    • default_size: e.g. "1024x1024"
    • default_format: e.g. "png"

Packaging & publishing (ClawHub)

Checklist before publishing:

  • Remove any plaintext API keys from skill-config.json (already removed).
  • Add a short one-line license (MIT recommended) in LICENSE file.
  • Add a small tests/ directory with a smoke test that verifies parsing logic and saved file behavior using temporary directories. Tests may require RUNWARE_API_KEY for live integration or can be skipped in CI if secrets are not provided.
  • Ensure SKILL.md frontmatter (name + description) is accurate and includes trigger phrases.
  • Provide example prompts and recommended safety guidance in SKILL.md.

Suggested repository structure

runware-image/ ├── SKILL.md ├── skill-config.json ├── scripts/ │ └── generate_image.py ├── requirements.txt ├── LICENSE └── tests/ └── test_generate_image.py

Tests and CI

  • Include a minimal pytest-based test that stubs requests.post and verifies parsing logic and saved file behavior using temporary directories.
  • Add GitHub Actions workflow (optional) that runs tests on push.

Contribution & support

  • Include a short CONTRIBUTING.md describing how to run tests, where to report issues, and how to add features (e.g., support for ControlNet, LoRA, or custom models).
  • Provide an examples/ folder with 2–3 example prompts and expected CLI commands.

Licensing

  • Recommend MIT license for public sharing unless you prefer another OSI-approved license.

Privacy and usage notes

  • Make it explicit that the skill does not collect or store user prompts or keys on the server. All generation is performed using the user's Runware account.
  • Recommend users review Runware's terms and ensure they have rights to generate/host the requested imagery.

Comments

Loading comments...