scene-replace

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

User-provided image links and scene instructions will be processed by Flyelep’s service.

Why it was flagged

The skill instructs the agent to make an external HTTP POST request to Flyelep with image URLs and prompt parameters; this is central to the stated scene-replacement purpose and is clearly disclosed.

Skill content

URL: `POST https://www.flyelep.cn/prod-api/poster-design/api/v1/poster/aiTool/sceneReplace`

Recommendation

Use the skill only with images and prompts you are comfortable sending to Flyelep, and verify the source and reference image URLs before invocation.

What this means

If the API key is mishandled, someone could potentially use the user’s Flyelep account quota or access tied to that key.

Why it was flagged

The skill requires a user-supplied Flyelep API key in the request header. This is expected for the provider API and the artifact warns not to hardcode or persist the key.

Skill content

All AI tool endpoints require `secretKey` to be passed in the request header. The key must be obtained by the user by applying on the Flyelep Open Platform.

Recommendation

Provide the secretKey only at runtime, do not store it in shared files, and revoke or rotate it if it may have been exposed.