Risha.ai Content Generation
ReviewAudited by ClawScan on May 14, 2026.
Overview
This appears to be a coherent Risha.ai content-generation skill, but it needs Risha account access and can spend Risha credits or send selected media to Risha.
Use this skill only if you want your agent to access your Risha account. Provide credentials carefully, confirm credit estimates before generation, and only upload files you are comfortable sending to Risha.ai. Since the registry source is listed as unknown, install from a trusted copy and review the helper script if you will use it for paid or sensitive media workflows.
Publisher note
# Risha Content Generator Skill OpenClaw skill for discovering and executing [Risha.ai](https://www.risha.ai/) capabilities from a local helper script. This skill is useful when you want OpenClaw to: - authenticate against a Risha account - inspect the capabilities available to that account - check required inputs and available choices - estimate credits before generation - run text, image, audio, and video generations through Risha ## What Is Included - [`SKILL.md`](./SKILL.md): the skill instructions used by OpenClaw - [`agents/openai.yaml`](./agents/openai.yaml): skill registration metadata - [`scripts/risha_api.py`](./scripts/risha_api.py): helper CLI for auth, catalog refresh, estimation, and generation - [`references/current-capabilities.json`](./references/current-capabilities.json): bundled capability snapshot - [`references/current-capabilities.md`](./references/current-capabilities.md): readable capability inventory - [`references/risha-api.md`](./references/risha-api.md): API notes and endpoint reference ## Install Clone or copy the `risha-content-generator` folder into your OpenClaw skills directory so the final path looks like: ```text <your-openclaw-skills-dir>/risha-content-generator ``` Example using Git: ```bash git clone https://github.com/<your-account>/risha-content-generator-skill.git cp -R risha-content-generator-skill/risha-content-generator <your-openclaw-skills-dir>/ ``` Example using a downloaded ZIP: 1. Download the repository ZIP from GitHub. 2. Extract it. 3. Copy the `risha-content-generator` folder into your OpenClaw skills directory. After installation, OpenClaw should be able to discover the skill by name: ```text risha-content-generator ``` ## Create Your Risha Account Register from the official Risha website: - [Risha.ai](https://www.risha.ai/) Then click `Get Started Free` and create your account with an email address and password. Important: - Do not use Google sign-in. - Do not use Meta sign-in. This skill authenticates to Risha capabilities using: - `RISHA_EMAIL` - `RISHA_PASSWORD` So you need a normal email/password account that can be used by the local helper script. ## Configure Credentials Export your Risha credentials before using the helper: ```bash export RISHA_EMAIL="you@example.com" export RISHA_PASSWORD="your-password" ``` Optional: ```bash export RISHA_API_BASE_URL="https://adminxcore-api.risha.ai/api" ``` If you already have a working authorization header, you can use: ```bash export RISHA_AUTH_HEADER="Bearer ..." ``` ## Quick Start Validate the account: ```bash python3 scripts/risha_api.py me ``` Refresh the capability catalog: ```bash python3 scripts/risha_api.py catalog \ --quiet \ --write-json references/current-capabilities.json \ --write-markdown references/current-capabilities.md ``` Inspect one capability: ```bash python3 scripts/risha_api.py capability 16 ``` Estimate credits before generation: ```bash python3 scripts/risha_api.py estimate \ --capability-id 16 \ --prompt-data-file /absolute/path/prompt-data.json ``` Generate content: ```bash python3 scripts/risha_api.py generate \ --capability-id 16 \ --prompt-data-file /absolute/path/prompt-data.json \ --wait ``` ## Notes - The skill uses a bundled capability snapshot for fast discovery, but you can refresh it live from your own account. - Capability availability depends on the authenticated Risha account. - Credit estimation is built in so you can see projected usage before generation. ## Repository Structure ```text risha-content-generator/ ├── README.md ├── SKILL.md ├── agents/ │ └── openai.yaml ├── references/ │ ├── current-capabilities.json │ ├── current-capabilities.md │ └── risha-api.md └── scripts/ └── risha_api.py ```
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone running the skill with these variables can make Risha API requests as that account.
The skill uses Risha account credentials or an authorization header to act on the authenticated account. This is expected for the integration, but it is sensitive account access.
`RISHA_AUTH_HEADER` when the caller already has a working header ... `RISHA_EMAIL` and `RISHA_PASSWORD` when the skill can log in directly through `/api/auth/login/`.
Use a dedicated or limited Risha account if possible, keep credentials in environment variables rather than prompts or files, and rotate them if exposed.
If the agent runs generation without your intended approval, it may use paid or limited Risha credits.
Generation requests are the skill's purpose and the credit preview is disclosed, but submitting jobs can consume account credits.
Before every `generate` request, it fetches: current available credits, estimated cost ... projected remaining credits after submission.
Review the capability, inputs, and credit estimate before allowing generation, especially for high-cost media capabilities.
Running the helper can make network requests to Risha and read or write files specified in command options.
The skill relies on executing a bundled local Python helper for API calls. This is disclosed and central to the purpose, but it is still local command execution.
python3 scripts/risha_api.py generate --capability-id 123 --prompt-data-file /absolute/path/prompt-data.json --wait
Run the skill from a trusted copy, review prompt-data file paths, and avoid passing files you do not intend to send to Risha.
In a shared workspace, refreshed capability information may remain on disk and influence future Risha tasks.
The catalog refresh can persist an account-specific capability snapshot in the skill directory for reuse by later agent runs.
catalog --quiet --write-json references/current-capabilities.json --write-markdown references/current-capabilities.md
Refresh catalogs only in a trusted workspace, protect or delete refreshed reference files if they reveal account-specific capability access, and re-refresh if the catalog may be stale.