ClawHub

Steampunk Art Generator

v1.0.0

AI steampunk art generator — create Victorian steampunk portraits, cyberpunk Victorian characters, brass-and-gears illustrations, cosplay reference art, and...

0· 40·0 current·0 all-time
by@blammectrappora
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, README, SKILL.md, and the code all describe an AI image generator that calls api.talesofai.com; required inputs (a Neta API token and a prompt) match the stated purpose and no unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md instructs running the included Node script with a --token flag and prompt which matches the code. Note: the token is passed on the command line (visible to other local users via process lists and may be recorded in shell history) — this is a user privacy/usability concern but not an incoherence.
Install Mechanism
No install spec other than 'npx skills add' in docs; the package contains only a small Node script and docs. There are no remote downloads or install-time executables fetched by the skill itself.
Credentials
No environment variables, config paths, or unrelated credentials are requested. The single required secret (the Neta token) is appropriate for an API-backed image generator.
Persistence & Privilege
The skill is not always-on, does not request persistent system-level privileges, and does not modify other skills or global config. Autonomous invocation is allowed (default) but not combined with broad privileges.
Assessment
This skill appears to do what it says: it sends your provided API token and prompt to api.talesofai.com to generate images. Before installing: (1) confirm you trust the third-party service (api.talesofai.com / neta.art) and the skill owner, since your token will be sent to that service; (2) avoid passing sensitive tokens on the command line (use a safer mechanism if supported) because CLI args can be exposed via process listings and shell history; (3) check the API token scope, billing/costs, and the service's privacy/retention policy; (4) if you want stronger assurance, review the package maintainer's repository or source hosting (none listed here) and verify the domain mapping between neta.art and api.talesofai.com.

Like a lobster shell, security has layers — review code before you run it.

latestvk9704hpny073gw7efn5bg579vx841153

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments