PixelDojo
PassAudited by ClawScan on May 1, 2026.
Overview
The artifacts match a PixelDojo media-generation helper; it uses your PixelDojo API key to submit jobs and save downloaded results, with no malicious behavior evident.
This skill appears safe for its stated purpose if you intend to use PixelDojo. Before installing, make sure you trust PixelDojo with the prompts and input URLs you provide, understand that generations may consume account credits, and choose output paths carefully to avoid overwriting files.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using this skill should understand that generated jobs run under their PixelDojo account and may consume subscription credits.
The helper uses the user's PixelDojo API key as a bearer token for generation and job-status API requests, which is expected for the service but grants access to the user's PixelDojo account capabilities.
API_KEY="${PIXELDOJO_API_KEY:-}" ... -H "Authorization: Bearer ${API_KEY}"Use a dedicated PixelDojo API key if available, monitor account usage, and leave PIXELDOJO_API_BASE at the default unless you intentionally trust an alternate endpoint.
The agent can create paid generation jobs and save or overwrite files at the chosen output location.
The script submits generation jobs to PixelDojo and downloads the resulting asset to a local path. This is purpose-aligned, but it is still a network action plus a local file write.
curl -sS -X POST "${API_BASE}/models/${MODEL}/run" ... curl -sS -L "$OUTPUT_URL" -o "$OUTPUT_PATH"Review the requested prompt, model, duration, and output path before allowing large or repeated generations, especially for video jobs or custom output paths.