Tensorslab Image
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill mostly matches a TensorsLab image-generation tool, but its built-in watermark-removal and undetectable face-swap workflows create review-worthy deception and rights-risk concerns.
Review carefully before installing. The API client itself appears aligned with TensorsLab image generation, but you should only use the watermark-removal and face-swap features with proper rights and consent, avoid uploading sensitive images, and configure a dedicated TensorsLab API key in a trusted environment.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent could use the skill to create images that hide edits or remove ownership/provenance marks, increasing deception, impersonation, or rights-violation risk.
The documented prompts encourage removing watermarks/logos and making face replacements undetectable, without documented ownership, consent, or provenance safeguards.
No text or logos should remain... The result should look natural and undetectable as an edit.
Only use these workflows on images you own or have permission to edit, and add explicit confirmation/consent checks for watermark removal, identity-preserving edits, and face replacement.
The skill can spend account credits or access provider-side generation tasks using the configured TensorsLab key.
The script uses a bearer API key for TensorsLab account access, which is expected for this provider but is not reflected in the registry requirements.
api_key = os.environ.get("TENSORSLAB_API_KEY") ... "Authorization": f"Bearer {api_key}"Declare TENSORSLAB_API_KEY in metadata, use a dedicated/limited API key if available, and avoid sharing logs or screenshots that could expose account details.
Any selected source image, including personal photos, will leave the local machine and be processed by the provider.
Image-to-image and editing workflows send user-selected local images and prompts to the external TensorsLab API, which is purpose-aligned but important for privacy awareness.
Upload source images with prompt
Confirm source image paths before running the skill and avoid uploading private, regulated, or third-party images unless you are comfortable sending them to TensorsLab.
Users may install whatever current version of the dependency is served by their package index.
The skill relies on a user-directed, unpinned package install rather than a declared install spec; this is common for Python helpers but leaves dependency provenance to the user's environment.
pip install requests
Publish an install spec or requirements file with pinned versions, or have users install dependencies in a trusted virtual environment.