Floating Product Generator
v1.0.0Generate cinematic floating product shots, levitating product photography, and hovering e-commerce images with dramatic studio lighting — perfect for Shopify...
⭐ 0· 58·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, README, SKILL.md, and the included script all consistently implement a text-to-image generator that submits prompts to the Neta API (api.talesofai.com). Required inputs (a Neta token and a text prompt) match the stated purpose.
Instruction Scope
Runtime instructions and the script only perform expected actions: append a prompt suffix, POST to the image-generation endpoint, poll for results, and print the resulting image URL. They transmit prompts and the provided token to an external API — this is expected for the functionality but is a privacy/networking consideration.
Install Mechanism
There is no installer that downloads or executes remote code; this is effectively an instruction-only skill with a small included Node script. The manifest includes no download-from-URL installs or other high-risk installation behaviors.
Credentials
No environment variables or unrelated credentials are requested. The tool requires a Neta API token, but the SKILL.md and README recommend passing it via the --token CLI flag, which can expose secrets via process lists and shell history — a proportionality/usage concern (not a functional mismatch).
Persistence & Privilege
The skill is not marked always:true, does not request persistent system-level privileges, and does not modify other skills or global config. Autonomous invocation is allowed (platform default) but not combined with other concerning factors.
Assessment
This skill appears internally consistent: it takes your prompt and token and calls the Neta image API, then prints a resulting image URL. Before installing or running it, consider: (1) you will be sending prompt text and the API token to an external service (api.talesofai.com / neta.art); review that service's privacy, retention, and usage terms if your prompts contain sensitive information; (2) passing the token on the command line (--token) can expose it to other users on the system via process listings and may be recorded in shell history — prefer using a more secure mechanism (if available) such as environment variables, protected input, or a short-lived token; (3) if you have strict network egress or data-policy controls, verify that calling an external image-generation API is allowed. Other than these privacy/operational cautions, there are no indications of unrelated credential requests, hidden endpoints, or risky install behavior.Like a lobster shell, security has layers — review code before you run it.
latestvk972bwwwk14tx0gwktqq99zh6s84qwya
License
MIT-0
Free to use, modify, and redistribute. No attribution required.