ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AIDraw批量图生图

v1.0.0

AIDraw批量图生图自动化工具。用于腾讯混元AI(timiai.woa.com)的批量参考生图任务。当用户需要批量上传参考图片、自动生成AI图片并下载时使用此skill。支持自定义关键词、每张图片多次生成、自动命名保存。

0· 117·0 current·0 all-time
by@chottomattekimkim-droid

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for chottomattekimkim-droid/aidraw-batch-img2img.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "AIDraw批量图生图" (chottomattekimkim-droid/aidraw-batch-img2img) from ClawHub.
Skill page: https://clawhub.ai/chottomattekimkim-droid/aidraw-batch-img2img
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install aidraw-batch-img2img

ClawHub CLI

Package manager switcher

npx clawhub@latest install aidraw-batch-img2img
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description match the code: the script uses Playwright to automate timiai.woa.com, upload reference images, generate variants and download results — this is appropriate for a batch img2img tool. However, documentation says the script will prompt for source folder/keyword/generations, while the visible code contains hardcoded defaults (a specific Windows path, a long keyword string, generations_per_image=5). README, SKILL.md and the script disagree about default generation counts (SKILL.md says default 2, README mentions 4, code uses 5). These inconsistencies suggest sloppy packaging or that the script may run without prompting if not edited.
Instruction Scope
SKILL.md instructs login to timiai and saving login state; the script creates a persistent Playwright profile under ~/.timiai_browser_data to store session data — this is coherent with the purpose. The instructions and script read and write local files (source folder, save folder) which is expected. No evidence in the visible code of reading unrelated system files. However the script imports 'requests' (not visible being used in truncated portion) and the source code shown is truncated, so it's unknown whether it makes other network requests beyond interacting with timiai; this uncertainty raises caution.
Install Mechanism
No install spec — instruction-only skill with a Python script. Dependencies are standard (playwright, requests). The recommended install commands are typical and use official packages. No downloads from unknown URLs are present in the reviewed files.
Credentials
The skill requests no environment variables or credentials. It does create and use a browser user-data directory in the user's home (~/.timiai_browser_data) to persist login state — this is reasonable for preserving a logged-in session, but users should be aware that cookies and tokens for timiai will be stored on disk. No other credentials are requested, but because the code is truncated, it's unknown whether it later transmits data to other endpoints (the presence of 'requests' import suggests potential additional network I/O).
Persistence & Privilege
always is false and the skill is user-invocable. The script stores its own browser profile under the user's home directory (a normal behavior for Playwright persistent contexts). It does not request elevated persistence or modify other skills or system-level settings in the visible code.
What to consider before installing
This skill appears to do what it says (automate timiai image-generation via Playwright) but take precautions before running: 1) Review the full scripts/batch_img2img.py file to the end (the provided file was truncated) and search for any network calls beyond timiai (look for requests.post/get or other external domains). 2) Edit the script to remove or change the hardcoded source_folder, keyword and generations defaults so it actually prompts you, or confirm the path before running — otherwise it may act on an unexpected folder. 3) Be aware the script creates ~/.timiai_browser_data to store login/session cookies; if you don't want your timiai login persisted, run in a temporary profile or delete that folder after use. 4) Run first in a controlled environment (non-admin account, test folder) and watch the browser actions to ensure it only talks to timiai. 5) If you are not comfortable auditing the remainder of the code yourself, do not grant it permission to access sensitive accounts; ask the author for provenance and a full, untampered source. These issues are likely sloppy engineering rather than evidence of intentional malice, but incomplete/truncated code and inconsistent docs justify caution.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bndp4x10n13pn30j8dfmk8184hryv
117downloads
0stars
1versions
Updated 2w ago
v1.0.0
MIT-0
@chottomattekimkim-droid
latest
Download

AIDraw批量图生图自动化工具

此Skill用于自动化腾讯混元AI平台(timiai.woa.com)的批量参考生图流程。

使用场景

当用户需要:

  • 批量处理多张参考图片生成AI图片
  • 每张参考图生成多次(如生成2个变体)
  • 自动下载生成的图片到指定文件夹
  • 自定义生成关键词和风格描述

工作流程

  1. 配置参数

    • 源文件夹路径(包含参考图片)
    • 保存文件夹路径(自动命名:源文件夹名_日期AI
    • 生成关键词(风格描述)
    • 每张图片生成次数(默认2次)

  2. 自动化步骤(对每张参考图重复执行)

    • 步骤1:切换到"参考生图"模式
    • 步骤2:清空旧的参考图片
    • 步骤3:上传新的参考图片
    • 步骤4:输入关键词
    • 步骤5:选择图片比例(自适应)
    • 步骤6:选择清晰度(2K高清)
    • 步骤7:点击生成按钮
    • 步骤8:等待图片生成完成
    • 步骤9:自动下载生成的图片
    • 步骤10:验证下载的图片

  3. 输出结果

    • 所有生成的图片保存在指定文件夹
    • 文件命名格式:原文件名_序号.png

使用方法

执行主脚本:

python scripts/batch_img2img.py

脚本会提示用户输入:

  • 源文件夹路径
  • 生成关键词(可选,有默认值)
  • 每张图片生成次数(可选,默认2次)

依赖要求

  • Python 3.8+
  • playwright
  • requests

安装依赖:

pip install playwright requests
playwright install chromium

注意事项

  1. 登录状态:首次使用需要手动在浏览器中登录timiai.woa.com,脚本会保存登录状态
  2. 网络要求:需要能够访问腾讯内网
  3. 生成时间:每张图片生成约需30-180秒,请耐心等待
  4. 浏览器窗口:脚本运行时会打开浏览器窗口,请勿关闭

参数配置

在脚本中可修改以下参数:

# 源文件夹(包含参考图片)
source_folder = r"路径\到\你的\参考图片文件夹"

# 生成关键词
keyword = """你的风格描述关键词"""

# 每张图片生成次数
generations_per_image = 2

文件说明

  • scripts/batch_img2img.py - 主执行脚本
  • references/keyword-templates.md - 关键词模板参考

错误处理

脚本包含完善的错误处理:

  • 自动重试机制
  • 超时检测(最大等待180秒)
  • 图片验证(检查文件大小)
  • 失败时自动跳过继续下一张

Comments

Loading comments...