AI图片生成
v1.0.0AI生成图片,支持Kolors/FLUX/Qwen-Image等模型(需SiliconFlow API)
⭐ 0· 418·3 current·3 all-time
byasdas@duyiliu
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description, required binary (curl), and required credential (SILICONFLOW_API_KEY) match the behavior in SKILL.md and scripts: the skill posts prompts to https://api.siliconflow.cn and downloads returned images. There are no unrelated credentials or surprising endpoints.
Instruction Scope
SKILL.md and scripts parse JSON responses with jq (examples and scripts call jq), but the declared required binaries list only includes curl — jq is not declared, which will break the script or cause silent failures. The included script downloads whatever URL the API returns without validating its hostname; if the API (or a compromised response) returns an unexpected internal URL, the skill will curl that address (possible SSRF-like risk). The instructions otherwise stay within the stated purpose and do not read unrelated files or env vars.
Install Mechanism
No install spec (instruction-only plus a small helper script) — nothing is downloaded or installed by the skill itself. This is low-risk from an installation perspective.
Credentials
Only SILICONFLOW_API_KEY is required and is the primary credential declared. That matches the claimed integration with SiliconFlow. No unrelated secrets or system config paths are requested.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It will run only when invoked and uses the API key provided; autonomous invocation is allowed but is the platform default.
Assessment
This skill appears to do what it claims: call SiliconFlow to generate images and save them locally. Before installing: (1) only provide a SiliconFlow API key you trust and consider its scope/limits on the provider side; (2) add jq to the environment or update the skill metadata to include jq in required binaries — the script and examples expect jq and will fail otherwise; (3) be aware the script will download any URL returned by the API (if the API response were malicious or compromised it could cause the agent to fetch unexpected hosts), so run first in a safe environment or audit API responses; (4) note minor doc mismatches (model ID variants and the OpenClaw config example key name differ from the skill slug) — these are usability issues, not direct security blockers. If you do not fully trust the SiliconFlow endpoint, do not provide your API key or test in an isolated environment first.Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🎨 Clawdis
Binscurl
EnvSILICONFLOW_API_KEY
Primary envSILICONFLOW_API_KEY
latest
AI 图片生成
使用 SiliconFlow API 调用 Kolors、FLUX、Qwen-Image 等模型生成图片。
Generate Image
curl -X POST "https://api.siliconflow.cn/v1/images/generations" \
-H "Authorization: Bearer $SILICONFLOW_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"model": "Kolors/Kolors",
"prompt": "your image description",
"image_size": "1024x1024",
"num_inference_steps": 20
}'
Available Models
Kwai-Kolors/Kolors- High quality image generation (正确ID)black-forest-labs/FLUX.1-schnell- Fast generationblack-forest-labs/FLUX.1-dev- FLUX dev versionQwen/Qwen-Image- Qwen image generation
注意:模型ID可能更新,可通过
curl -s "https://api.siliconflow.cn/v1/models" -H "Authorization: Bearer $SILICONFLOW_API_KEY" | jq '.data[].id'查询最新列表
Parameters
prompt: Image description (required)image_size:1024x1024,1024x1792,1792x1024(default: 1024x1024)num_inference_steps: 1-50 (default: 20)negative_prompt: Things to avoid (optional)seed: Random seed (optional)
API Key
Get your API key from: https://cloud.siliconflow.cn
Set environment variable:
export SILICONFLOW_API_KEY="your-api-key"
Or configure in OpenClaw:
{
skills: {
entries: {
"siliconflow-image": {
enabled: true,
env: {
SILICONFLOW_API_KEY: "your-api-key"
}
}
}
}
}
Comments
Loading comments...