Evolink Image — AI Image Generation (GPT Image, Nano Banana 2, Seedream, GPT-4o)
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears to do what it says: it connects to EvoLink for AI image generation and editing, while clearly noting that prompts, images, and an API key are involved.
This looks reasonable for an EvoLink image-generation skill. Install it if you trust EvoLink with the prompts and images you provide, keep your EVOLINK_API_KEY private, and verify or pin the optional npm MCP server before running the setup command.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the API key is exposed, someone else may be able to use the user's EvoLink account or credits.
The skill requires an EvoLink API key for service access; this is expected for the stated integration, but it is still account authority that must be protected.
`EVOLINK_API_KEY` authenticates all requests. Injected by OpenClaw automatically. Treat as confidential.
Use a dedicated EvoLink API key if possible, keep it out of chat messages and logs, and rotate it if it may have been exposed.
A later installation could run a different version of the MCP server than the one originally reviewed by the user.
The optional MCP setup downloads and runs an npm package using the moving `@latest` tag; this is purpose-aligned setup guidance, but the executed code can change over time.
`mcporter call --stdio "npx -y @evolinkai/evolink-media@latest" list_models`
Verify the npm/GitHub package before installing and consider pinning a specific trusted version instead of using `@latest`.
Sensitive prompts or images may be processed remotely, and anyone with a generated or uploaded file URL may be able to access it until it expires.
The skill discloses that user prompts and images leave the local environment and are processed or hosted by EvoLink, with temporary URL-based access.
Prompts and images are sent to `api.evolink.ai`. Uploaded files expire in **72h**, result URLs in **24h**.
Avoid uploading confidential images unless you trust EvoLink's handling of them, download results promptly, and delete hosted files when no longer needed.