free quota text to image

This skill implements the advertised multi-provider image pipeline but you should be cautious before installing or running it: - Secrets: the skill expects provider tokens (HF/Gitee/ModelScope/A4F/OpenAI-compatible) via config or environment variables (T2I_PEINTURE_*), but the registry entry did not list them. Do not place production secrets in repository files — use OpenClaw env injection or a vault. - .env reading: when run, the CLI will try to load .env files from the current and parent directories. Run it from a safe folder (not your repo root containing other secrets) or remove .env files you don't want read. - Network & privacy: prompt optimization and translation send your prompt text to third-party endpoints (e.g., https://text.pollinations.ai/openai and provider chat endpoints). If prompts contain sensitive info, disable prompt optimization/translation (CLI flags --no-optimize-prompt, --no-auto-translate) or review/host the services yourself. - Persistent state: exhausted-token metadata is written to ~/.codex/skills/.state/free-quota-image-skill/token_status.json. If you share your machine, be aware this file can reveal which tokens were used/exhausted. - Review configuration: inspect assets/config.example.yaml, references/provider-endpoints.md, and references/prompt-optimization-policy.md to confirm endpoints and behaviors before using. Provide only tokens you are willing to expose to the configured endpoints and prefer injected environment configs rather than committed files. If you want higher assurance, ask the skill author to: (1) declare required env vars in registry metadata, (2) avoid automatic .env loading or make it opt-in, and (3) document exactly which external endpoints will receive prompt text and under what conditions.