Azure Image Gen

Pass

Audited by ClawScan on May 10, 2026.

Overview

The skill appears to do what it claims—generate Azure OpenAI images and save a local gallery—but users should understand it uses an Azure API key, can spend API quota, and writes local output files.

Before installing, make sure you are comfortable providing an Azure OpenAI API key, verify that the endpoint is yours, and keep batch counts small unless a large batch is intended. Treat the generated gallery as local output, and do not open a gallery built from untrusted prompt content unless the prompt values have been HTML-escaped.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill consumes access and quota from the configured Azure OpenAI account.

Why it was flagged

The skill requires an Azure OpenAI API key and endpoint. This is purpose-aligned for image generation, but it gives the skill access to a paid Azure OpenAI deployment and is not reflected in the registry credential metadata.

Skill content

export AZURE_OPENAI_ENDPOINT="https://your-resource.openai.azure.com"
export AZURE_OPENAI_API_KEY="your-api-key"
export AZURE_OPENAI_DALLE_DEPLOYMENT="your-dalle-deployment-name"

Recommendation

Use a least-privileged Azure OpenAI key, store it carefully, and confirm the endpoint is your intended Azure resource.

What this means

A high count could consume API quota or incur unexpected Azure costs.

Why it was flagged

Batch generation is an intended feature, but the count argument has no built-in maximum, so a large value could trigger many Azure image-generation calls.

Skill content

parser.add_argument("--count", "-n", type=int, default=1, help="Number of images (default: 1)")
...
for i in range(args.count):

Recommendation

Choose small, deliberate count values and consider adding a maximum count or confirmation step before large batches.

What this means

Opening a gallery generated from untrusted prompt text could display or execute injected HTML/JavaScript in the local browser page.

Why it was flagged

The generated gallery inserts prompt text into HTML without escaping. If untrusted prompt text contains HTML or script and the user opens the gallery, browser code could run in that local page.

Skill content

<img src="{img['filename']}" alt="{img['prompt'][:100]}">
...
<p class="prompt">{img['prompt']}</p>

Recommendation

Use trusted prompts, avoid pasting untrusted HTML-like text into prompts, and update the script to HTML-escape prompt values before writing index.html.