ClawHub

Coloring Page Generator

v1.0.0

AI coloring page generator — create printable black and white coloring pages, adult coloring book pages, kids coloring sheets, and coloring book illustration...

0· 64·0 current·0 all-time
by@blammectrappora
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description, README, SKILL.md, and the JS file all describe generating black-and-white line-art images via the Neta/TalesOfAI API. The single required secret (an API token passed at run-time) and the network calls to api.talesofai.com align with this purpose.
Instruction Scope
Runtime instructions are limited: run the Node script with a prompt and a token. The SKILL.md does not instruct reading unrelated files, environment variables, or system state, nor does it send data to unexpected endpoints beyond the documented API domain.
Install Mechanism
There is no install spec that downloads arbitrary code — the package is instruction-only for the skill registry, and included code is a small standalone Node script using the builtin https module. No suspicious external installers or archives are used.
Credentials
No environment variables are required by the skill; it expects an API token passed via the --token flag. That token is appropriate and necessary for the remote image service, but passing tokens on the command line can expose them via shell history or process listings — consider using an env var or other secret injection mechanism when running.
Persistence & Privilege
The skill does not request persistent/always-on privileges, does not modify other skills or system configuration, and uses only ephemeral runtime behavior (network requests) consistent with its stated purpose.
Assessment
This package is internally consistent for generating coloring-page images via the Neta/TalesOfAI API. Before installing/running: (1) confirm you trust the remote API host (api.talesofai.com / neta.art) and its terms/privacy since your prompts (which may include personal data) will be sent there; (2) avoid supplying the API token directly on the command line in shared shells (use an environment variable or other secret mechanism) because CLI args can be recorded in shell history or visible in process lists; (3) review the included JS if you need to ensure no additional data is sent — the script only posts the prompt and optional reference UUID and returns an image URL; (4) if you will use copyrighted or sensitive prompts/images, verify the service's usage and retention policies. Overall the skill appears coherent with its description.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fa4e0mfhpf6873d7xybk57584bsd7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments