TensorLab Image
PassAudited by ClawScan on May 10, 2026.
Overview
This is a coherent TensorsLab image-generation client, but it uses your API key and may upload selected images to TensorsLab.
This skill appears purpose-aligned and not malicious based on the provided artifacts. Before using it, make sure you trust TensorsLab with your prompts and any source images, protect your TENSORSLAB_API_KEY, and be cautious with sensitive photos or edits that could mislead others.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may consume TensorsLab credits and relies on protecting the API key.
The script reads a provider API key from the environment and sends it as a bearer token to TensorsLab, which is expected for this integration but gives the skill access to the user's TensorsLab account quota.
api_key = os.environ.get("TENSORSLAB_API_KEY") ... "Authorization": f"Bearer {api_key}"Use a dedicated/revocable TensorsLab API key if possible, avoid sharing logs that include credentials, and rotate the key if it is exposed.
Any selected local image, including photos of people or private material, may be sent to TensorsLab for processing.
For image-to-image and editing workflows, local source images supplied to the script are opened and included in the multipart request to the external TensorsLab API.
for img_path in source_images:
f = open(img_path, "rb")
...
files.append(("sourceImage", (os.path.basename(img_path), f)))Only provide image files you are comfortable uploading to the provider, and check TensorsLab's privacy and retention terms for sensitive images.
Users who rely on a local or corporate proxy for network routing, monitoring, or access control may not get the expected proxy behavior for this script.
The HTTP session explicitly clears proxy settings for this client, which may bypass a user's configured proxy for these provider calls.
_SESSION = requests.Session()
_SESSION.proxies = {"http": "", "https": ""}If proxy use is required, review or modify this session configuration before running the script.
Outputs could be mistaken for unedited or authentic images if shared without disclosure.
The face replacement prompt template asks for edits that are hard to detect, which is disclosed and user-directed but can affect trust in generated media.
The result should look natural and undetectable as an edit.
Use face replacement and watermark/object removal only with appropriate rights and consent, and disclose edits when sharing results.