ClawHub

Selfie Art Generator

v1.3.0

Generate AI selfie art portraits from text descriptions — cinematic portraits, anime illustrations, oil painting style, and artistic profile pictures via the...

0· 69·0 current·0 all-time
by@barbaraledbettergq
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, README, SKILL.md, package.json, and the script all point to the same purpose (generate images via Neta/TalesOfAI). The only required secret (NETA_TOKEN) is appropriate for that API. Endpoints used (api.talesofai.com and oss.talesofai.cn) match the README's claim.
Instruction Scope
Runtime instructions only ask the agent/user to provide a prompt and a Neta token and run the included Node script. The script only reads the CLI token flag and prompt, calls the image API, polls for completion, and prints a returned image URL. It does not reference or exfiltrate other files, system config, or unrelated environment variables.
Install Mechanism
There is no external install script or remote download; this is effectively an instruction+included script package. package.json contains only metadata (declaring the env var requirement). No archives are fetched or arbitrary code downloaded at install time.
Credentials
Only one credential (NETA_TOKEN) is declared/required, which is reasonable for a third-party image-generation API. The script expects the token via the --token flag (README shows exporting NETA_TOKEN then passing it), and it does not access other secrets or config paths.
Persistence & Privilege
The skill is not forced-always, does not request persistent system-wide privileges, and does not modify other skills or global agent settings. It runs on demand and only performs network requests to the stated API.
Assessment
This skill appears to do what it says: it sends your prompt (and optional reference UUID) and your NETA_TOKEN to the Neta/TalesOfAI API and returns an image URL. Before installing or using, consider: (1) Privacy — any selfies or identifying prompts you send will be transmitted and stored/processed by the third party (api.talesofai.com / oss.talesofai.cn). Avoid uploading sensitive images. (2) Jurisdiction and trust — the OSS host is under the domain oss.talesofai.cn; verify you trust the service and its terms. (3) Token handling — the package declares NETA_TOKEN as required; the script reads the token from the --token flag (README shows exporting and then passing it). Keep your token secret and do not paste it into untrusted UIs. (4) Runtime environment — the script uses fetch and ESM; run under a Node version with global fetch (Node 18+). If any of these concerns worry you, don't install or use the skill until you confirm the vendor and privacy/terms.

Like a lobster shell, security has layers — review code before you run it.

latestvk972254w1yswkk0c48ty2bgnr583qrrn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments