ClawHub

Pet Renaissance Portrait Generator

v1.0.0

your pet into a royal Renaissance masterpiece — AI-powered royal pet portrait generator creates museum-quality oil painting portraits of dogs, cats, and any...

0· 34·0 current·0 all-time
by@blammectrappora
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: the script posts a prompt to api.talesofai.com /v3/make_image and polls /v1/artifact/task for results to return an image URL. The required capability (an API token) is exactly what you would expect for an image-generation client.
Instruction Scope
SKILL.md instructs the agent/user to run the provided Node script and pass a Neta API token via --token. The runtime code only reads CLI args and performs network requests to the advertised API; it does not read arbitrary files, environment variables (other than process argv), or other system state.
Install Mechanism
No install spec is present and the package is instruction-only with a small script. Nothing is downloaded or written to disk by an installer step in the package metadata, which minimizes install-time risk.
Credentials
The skill requires a Neta API token, but registry metadata listed no required env vars or 'primary credential'. The token is passed as a CLI flag (--token) rather than via an environment variable; this is reasonable but the registry metadata could have declared the credential to make the requirement clearer.
Persistence & Privilege
The skill is not force-included (always: false), does not modify other skills or system configuration, and does not request persistent privileges beyond performing outbound HTTPS calls.
Assessment
This skill appears to do exactly what it claims: send your prompt to the Neta/TalesOfAI image API and return an image URL. Before installing or running it, consider: 1) the script requires your API token — avoid passing long-lived secrets on the command line (they can end up in shell history or process listings); prefer exporting a temporary environment variable or other secure method if supported. 2) Review whether you trust the backend (api.talesofai.com / neta.art) with any prompt content or reference-image UUIDs you provide, since image data and prompts are sent to that service. 3) The repository metadata did not declare the credential requirement explicitly, but the script requires a token via --token. If you need stronger assurance, inspect the short JS file yourself (it's included) or run it in an isolated environment. Overall the skill is internally consistent and not suspicious, but protect your API token and be mindful of sending private image data to the remote API.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dm9etwb554ebxra4w1t1335846dv1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments