Reve AI Image Generation
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: reve-ai Version: 1.0.2 The skill bundle is designed for image generation, editing, and remixing via the Reve AI API. The `scripts/reve.ts` file handles API key retrieval from environment variables, makes POST requests to `https://api.reve.com`, and performs file I/O (`readFileSync`, `writeFileSync`) for input and output images. These file operations are directly aligned with the stated purpose of an image processing tool. There is no evidence of intentional data exfiltration beyond the API key to the legitimate API endpoint, malicious execution, persistence mechanisms, obfuscation, or prompt injection attempts against the agent in `SKILL.md` or `AGENTS.md`.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Invoking the skill can use the configured Reve account and spend API credits.
The skill uses a Reve API key from the environment to authenticate API calls. This is expected for the stated service, but it gives the skill access to act against that Reve account and consume credits.
const key = process.env.REVE_API_KEY || process.env.REVE_AI_API_KEY; ... "Authorization": `Bearer ${getApiKey()}`Use a Reve-specific, revocable API key and only expose it in environments where you intend this skill to run.
Any image selected with the input option is uploaded to Reve for processing.
For edit and remix operations, the script base64-encodes the user-provided image files and includes them in requests to the external Reve API.
reference_image: loadImageBase64(values.input), ... reference_images: inputs.map(loadImageBase64)
Only provide images you are comfortable sending to Reve, and verify input paths before running edit or remix commands.