Agent Selfie Backup
ReviewAudited by ClawScan on May 10, 2026.
Overview
The image generator mostly matches its purpose, but its registry/package identity is inconsistent and its heartbeat guide can change social avatars and persistent memory without clearly requiring user approval.
Before installing, verify that the ClawHub slug, owner, version, and GitHub source are the exact package you intend to trust. Use a limited Gemini API key, choose an output directory intentionally, and do not enable heartbeat/profile-refresh behavior unless the agent must ask you before saving memory or updating any public avatar.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You may think you are installing this reviewed backup package, but the instructions point to a different package/repository identity.
The package under review does not match the bundled metadata or install/update instructions, so a user following the docs could install or update a different skill than the reviewed registry artifact.
Registry: slug agent-selfie-backup, version 1.0.0, Source: unknown; _meta.json: "slug": "agent-selfie", "version": "1.2.1"; INSTALL.md: "npx clawhub install agent-selfie"
Verify the exact ClawHub slug, owner, version, and GitHub source before installing; update the package metadata and docs so they all refer to the same artifact.
If connected to other skills or accounts, the agent could change your public avatar/profile presentation without a separate confirmation step.
Changing avatars on third-party platforms mutates public account/profile state. The instruction gives the agent a quality-based condition but does not require explicit user approval before making the change.
Optional Avatar Updates - Update Discord/Twitter/AgentGram avatar if quality is strong.
Require preview and explicit approval before any Discord, Twitter/X, AgentGram, or other public profile update, and keep rollback instructions for restoring the previous avatar.
Generated avatar paths and style preferences could persist across future tasks or sessions.
The skill documents persistent memory use for generated assets and style metadata. This is purpose-aligned, but it means outputs and preferences may be reused in later agent contexts.
- Log the new asset path in memory for future references. - Save favorites to memory with mood and theme tags.
Only allow memory logging if you want persistent visual-identity history; avoid storing sensitive local paths or private prompt details.
The skill can use your Gemini account quota and may incur provider-side usage or cost.
The script reads a Gemini API key from the environment and sends it to the Gemini API endpoint, which is expected for this image-generation purpose. The provided code does not show hardcoded keys or unrelated credential transmission.
api_key = (os.environ.get("GEMINI_API_KEY") or "").strip(); url = f"{API_BASE}/models/{model}:generateContent?key={api_key}"Use a dedicated Gemini API key with appropriate quota limits and rotate it if you no longer use the skill.