sketch-illustration

v1.1.0

插画图片生成技能，支持多种手绘风格。使用 Imagen 3（ZenMux API）生成插图，适合流程图、功能说明、PPT配图、教程配图、知识图和手绘信息图等场景。支持四种风格：A) Sketch 极简手绘风（Notion/Linear 风格，简笔人物，冷淡低饱和）；B) Watercolor 奶油彩铅水彩风（暖色...

⭐ 0· 450·0 current·0 all-time

by@dadaniya99

MIT-0

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

high confidence

!

Purpose & Capability

The declared purpose (Imagen/ZenMux image generation and upload to Feishu) matches the code and instructions, so the overall capability is plausible. However the skill manifest declares no required credentials or config, while runtime steps and scripts clearly require a ZenMux API key and Feishu app credentials (read from ~/.openclaw/openclaw.json or ZENMUX_API_KEY). Not declaring these required secrets is an inconsistency.

!

Instruction Scope

SKILL.md and the shipped scripts instruct the agent to read ~/.openclaw/openclaw.json (to extract ZenMux and Feishu credentials), write output to /root/myfiles/, call the ZenMux API, and invoke a Feishu send script located in another skill’s workspace. Reading a global agent config file and invoking another skill’s script go beyond a self-contained image-generator instruction and represent scope creep and credential access that are not declared.

ℹ

Install Mechanism

No remote install/download steps are present (instruction-only install spec), which is lower risk. The package does include two executable scripts (python/bash) that will run network requests when invoked; no external URL downloads or archive extraction are used during install.

!

Credentials

The manifest lists zero required env vars, but generate_sketch.py expects ZENMUX_API_KEY (or falls back to reading openclaw.json) and send_to_feishu.sh reads Feishu appId/appSecret/domain from ~/.openclaw/openclaw.json. This access to global credentials is disproportionate to the manifest and not disclosed. The skill also assumes access to /root/.openclaw and /root/.openclaw/workspace/skills/feishu-send-file -- implicit privileges that should be declared.

ℹ

Persistence & Privilege

always is false and autonomous invocation is allowed (platform default). The skill reads global config and calls another skill’s script, which increases blast radius but does not request forced persistence or modify other skills' configurations. This cross-skill invocation is notable but not an explicit privilege escalation in the manifest.

What to consider before installing

This skill will try to call ZenMux (https://zenmux.ai) to generate images and automatically upload them to Feishu by reading credentials from ~/.openclaw/openclaw.json (or ZENMUX_API_KEY). Before installing or running it: 1) Don't assume credentials are private — the skill reads your global openclaw.json; prefer supplying a dedicated ZENMUX_API_KEY and Feishu tokens via explicit env vars rather than exposing the whole config file. 2) Inspect /root/.openclaw/openclaw.json and confirm what secrets will be accessible. 3) Verify the feishu-send-file script it invokes exists and review that script to ensure it won't exfiltrate data elsewhere. 4) If you want least privilege, modify the scripts to accept explicit env vars (ZENMUX_API_KEY, FEISHU_APP_ID, FEISHU_APP_SECRET, FEISHU_DOMAIN) and avoid reading ~/.openclaw/openclaw.json or hardcoded /root paths. 5) Test in a sandbox or with dummy keys and a dry-run option first (do not run with real credentials until audited). If the publisher can update the manifest to declare the required env vars and avoid reading global agent config, the incoherence would be resolved.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ft5mxt7xgadkfmtft36skm182zr8y

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

插画生成 Skill

支持多种手绘插画 / 知识图风格，按需选择，用 Imagen 3 生成并发送到飞书。

风格选择

查看 references/styles.md 了解四种风格的详细说明和使用场景：

风格 A：Sketch 极简手绘风（默认）— Notion/Linear 风，极简冷淡，适合技术流程图
风格 B：Watercolor 奶油彩铅水彩风 — 暖色调纸纹，适合 PPT 配图、课程讲义
风格 C：Flat Vector Retro 扁平矢量复古风 — 黑色轮廓线+几何简化，适合 NotebookLM PPT、课程封面、复古感内容
风格 D：Doodle Infographic 白纸手绘知识图风 — 白纸背景、拟人角色、高信息密度、手账/课堂板书感，适合概念对比、方法论、知识海报、拖延机制图

用户未指定时默认用风格 A；如果用户明确喜欢“白纸手绘知识图 / 蜗牛 / 拟人大脑 / 手账板书感 / 信息很多但不乱”这类效果，优先用风格 D。

如果使用风格 D，再按图类型去读对应模板：

机制图：references/doodle-template-mechanism.md
对比图：references/doodle-template-compare.md
步骤流程图：references/doodle-template-flow.md

执行流程

1. 确认内容与风格

明确要画什么内容、用什么风格
从 references/styles.md 取对应风格块
风格 B 的布局模板在 references/image-assistant-templates/
风格 D（手绘知识图）优先确认：
- 是单张知识海报还是对比图 / 流程图 / 多模块信息图
- 是否需要拟人角色（如蜗牛、脑子、小龙虾）
- 是否需要高信息密度但少长段文字

2. 构建 Prompt

基础结构：

[风格块（从 styles.md 复制）]

顶部居中标题：'[中文标题]'

[内容描述：人物、场景、元素、布局]

[负面约束]

详细提示词模板见 references/prompt-guide.md。

如果是风格 D，不要只写“画个XX知识图”，要先明确图类型：

机制图：读 references/doodle-template-mechanism.md
对比图：读 references/doodle-template-compare.md
步骤流程图：读 references/doodle-template-flow.md

优先直接复用对应模板里的 prompt 骨架，再替换成当前主题。

3. 生成图片

cd /root/.openclaw/workspace/skills/zenmux-image-generation
ZENMUX_API_KEY="<key>" python3 scripts/generate.py \
  --output /root/myfiles/<filename>.png \
  --prompt "<完整prompt>"

API Key 读取：

cat ~/.openclaw/openclaw.json | python3 -c "import json,sys; d=json.load(sys.stdin); print(d['models']['providers']['ZenMux']['apiKey'])"

4. 上传并发送到飞书

bash scripts/send_to_feishu.sh /root/myfiles/<filename>.png <open_id>

该脚本现在走稳定发图链路（飞书 im/v1/images -> image_key -> msg_type=image），不再依赖容易把本地路径发成文本的旧链路。

猫南北的 open_id：ou_22f2eefd5abe63e0cd67f4882cec06d4

注意事项

模型：google/gemini-3-pro-image-preview（需要 ZenMux Pro+）
403 偶发，重试即可
图片输出到 /root/myfiles/
所有文字标注默认中文
风格 B 的多张成套配图工作流见 references/image-assistant-workflow.md
风格 D 不要写成长段密集小字，优先用：标题、短句、箭头、卡片、小标签、拟人角色来承载信息
风格 D 的核心不是“神奇咒语”，而是：主体 + 情绪/主题 + 隐喻物 + 白纸手绘版式 + 高信息密度 + 可爱角色 的组合

Files

23 total

Select a file

Select a file to preview.

Comments

Loading comments…