ClawHub

Logo Design Generator

v1.0.0

AI logo generator and logo design maker — create professional brand logos, company emblems, startup icons, app logos, and business identity marks. Design cus...

0· 97·0 current·0 all-time
by@blammectrappora
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description say it uses the Neta image API and the code indeed calls an external image-generation endpoint (https://api.talesofai.com). The README/SKILL.md reference neta.art/open while the code targets api.talesofai.com — the repo claims they are the same service, which is plausible but worth verifying if you want to confirm the vendor. Otherwise the requested capabilities align with the stated purpose.
Instruction Scope
SKILL.md instructs running the included Node script with a --token flag and a prompt. The instructions do not ask the agent to read arbitrary files, environment variables, or system state beyond the provided token, nor to transmit data to unexpected endpoints beyond the image API.
Install Mechanism
This is an instruction-only skill with one small JS file and no install spec; nothing is downloaded or installed by an installer. Low risk from install mechanism.
Credentials
No required env vars or additional credentials are declared. The script expects an API token passed as a CLI flag, which is proportional to an external image-generation service. There are no requests for unrelated secrets or config paths.
Persistence & Privilege
The skill is not always-on, does not request persistent system privileges, and does not modify other skills or system-wide configuration. It simply makes outbound API calls during execution.
Assessment
This skill appears to be what it claims: a small Node CLI that sends your text prompt (and optional reference ID) to an external image-generation API and returns a direct image URL. Before using: (1) verify the API host (api.talesofai.com) is the service you expect and that you trust it; (2) treat the API token like a secret — don't paste it into public places or share it; (3) avoid sending sensitive or private data in prompts because they are transmitted to the external API; and (4) if you want extra safety, run the script in an isolated environment or inspect/modify the code to point to a different/official endpoint.

Like a lobster shell, security has layers — review code before you run it.

latestvk975ceczb2ncnd5vnk7vvjr8ys84ktvx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments