ClawHub

Ai Headshot Skill

v2.1.0

Generate ai professional headshot generator images with AI via the Neta AI image generation API (free trial at neta.art/open).

0· 169·0 current·0 all-time
by@blammectrappora
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (AI headshot generator) match the included code and README: the script builds an image-generation request and polls api.talesofai.com for a result URL. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md and README instruct running node aiheadshot.js with a --token and optional flags; the runtime instructions only cover building and sending the image request and polling for the result. They do not ask the agent to read arbitrary files, other credentials, or system state.
Install Mechanism
There is no install spec in registry metadata (low-risk, instruction-only), but the bundle includes aiheadshot.js and package.json. The README suggests installing via npx skills add or ClawHub; nothing in the package tries to download or execute untrusted code beyond the included script.
Credentials
No environment variables or unrelated credentials are requested. The script expects a Neta API token passed via --token, which is appropriate. Note: passing secrets on the command line can expose them in process lists or shell histories; this is an operational risk but not inconsistent with the skill's stated purpose.
Persistence & Privilege
Skill does not request always=true, does not modify other skills or system configs, and has no persistent/background privileges. It runs only when invoked.
Assessment
This skill appears to do what it says: it sends your prompt and the token you provide to api.talesofai.com and prints a returned image URL. Before installing, confirm you're comfortable sharing a Neta API token with that service. Avoid exposing the token on the command line in shared environments (process listings and shell history can reveal it); prefer using short-lived tokens or other secure submission methods if available. Also ensure you run the script with a Node version that provides global fetch (Node 18+), and verify the Neta/talesofai service's privacy/usage terms if you are processing sensitive images.

Like a lobster shell, security has layers — review code before you run it.

latestvk9728zc3bppa8fae9dcfgg2xe183pxs3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments