OpenAI Image CLI

Advisory

Audited by static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the skill requires trusting the published npm package that provides the openai-image command.

Why it was flagged

The documented setup installs an external npm package globally without pinning a version, so each install resolves to whatever the registry's latest dist-tag points to at that moment. This is user-directed and central to the skill, but it means the installed executable comes from outside the reviewed artifact and can change between installs.

Skill content
npm install -g @versatly/openai-image-cli
Recommendation

Install only if you trust the package and publisher. Pin an exact version, review the linked package/repository and the files the tarball would unpack before global installation, and remember that a global install runs the package's install scripts with your user's privileges.
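The following is an added example, not part of the skill or of the package it installs: a small POSIX shell wrapper that refuses to install the documented package unless the version is an exact semver, shows the registry metadata and tarball file list for that exact version first, and only runs `npm install -g` when explicitly asked. The version passed on the command line is whatever you decided to trust after review; nothing here is fetched or verified for you.

```shell
#!/bin/sh
# Added example (not part of the skill or the package): install the CLI named in the
# skill only at an exact, reviewed version instead of whatever "latest" resolves to.
set -eu

PKG='@versatly/openai-image-cli'   # package name as documented in the skill

is_exact_version() {
  # Accept only an exact semver such as 1.2.3 (optionally 1.2.3-rc.1).
  # Ranges (^1.2.3, ~1.2, >=1), dist-tags (latest, next) and empty specs are rejected.
  printf '%s' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.-]+)?$'
}

pinned_install_cmd() {
  # Print the global install command for pkg@version, or fail if the version is not pinned.
  pkg=$1
  ver=$2
  if ! is_exact_version "$ver"; then
    printf 'refusing unpinned spec: %s@%s\n' "$pkg" "$ver" >&2
    return 1
  fi
  printf 'npm install -g %s@%s\n' "$pkg" "$ver"
}

review_package() {
  # Surface what you are about to trust: registry metadata for this exact version and the
  # list of files that would be unpacked (npm pack --dry-run prints the tarball contents
  # without writing the tarball or installing anything).
  npm view "$1@$2" name version repository.url dist.tarball dist.integrity
  npm pack --dry-run "$1@$2"
}

main() {
  ver=${1:-}
  if [ -z "$ver" ]; then
    printf 'usage: %s <exact-version>   (set DRY_RUN=0 to actually install)\n' "$0" >&2
    exit 2
  fi
  cmd=$(pinned_install_cmd "$PKG" "$ver")
  review_package "$PKG" "$ver"
  if [ "${DRY_RUN:-1}" = 1 ]; then
    printf 'would run: %s\n' "$cmd"
  else
    sh -c "$cmd"
  fi
}

# Only act when given a version on the command line; sourcing the file just defines the functions.
if [ "$#" -gt 0 ]; then
  main "$@"
fi
```

Two caveats on what pinning buys you: it fixes the version of the package you reviewed, but `npm install -g` still runs that package's lifecycle scripts with your privileges, and the package's own dependencies resolve according to its declared ranges at install time unless the publisher ships a shrinkwrap. `dist.integrity` printed by `npm view` is the hash you can compare against the tarball you reviewed.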

What this means

The CLI can make billable OpenAI image requests using the configured key.

Why it was flagged

The CLI requires an OpenAI API key, supplied either via an environment variable or via `config set`, which persists it in the CLI's local config. This is expected for the stated purpose, but whoever holds the key can make requests billed to the user's OpenAI account.

Skill content
export OPENAI_API_KEY=sk-...
openai-image config set api-key sk-...
Recommendation

Use a project-scoped API key created for this use so it can be revoked on its own, set account spending limits where possible, and avoid exposing the key in shared shells, shell history, logs, or chats. If you use `config set`, the key is stored on disk, so keep that config file readable only by you.
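The following is an added example, not part of the skill or of the CLI it describes, showing two of the habits the recommendation asks for in working shell: loading OPENAI_API_KEY from a file that only you can read (so the key is never typed as a command-line argument and never lands in shell history), and scrubbing key-shaped tokens from command output before it reaches a log file or a pasted transcript. The key file path in the usage comment is a hypothetical location, not one the CLI uses.

```shell
#!/bin/sh
# Added example (not part of the skill or the CLI): load the OpenAI key from a private file
# rather than typing it on a command line, and scrub key-shaped tokens from anything logged.

redact_keys() {
  # Mask anything that looks like an OpenAI-style secret (sk- followed by 8 or more token
  # characters) in the text piped in. Applied to command output before it is logged or shared.
  sed -E 's/sk-[A-Za-z0-9_-]{8,}/sk-[REDACTED]/g'
}

key_file_is_private() {
  # True only for a regular file whose group/other permission bits are all clear (mode 600 or 400).
  # Reads the mode column of ls -l, whose layout is the same on GNU and BSD userlands.
  f=$1
  [ -f "$f" ] || return 1
  [ "$(ls -ld "$f" | cut -c5-10)" = '------' ]
}

load_openai_key() {
  # Export OPENAI_API_KEY from the first line of a private file. The key never appears as a
  # command-line argument, so it is not recorded in shell history or visible in ps output.
  f=$1
  if ! key_file_is_private "$f"; then
    printf '%s: refusing a key file readable by group or others (chmod 600 it first)\n' "$f" >&2
    return 1
  fi
  # read returns non-zero on a file with no trailing newline; accept it if a key was read.
  IFS= read -r OPENAI_API_KEY < "$f" || [ -n "$OPENAI_API_KEY" ]
  export OPENAI_API_KEY
}

run_logged() {
  # Run a command with stdout and stderr merged, redact key-shaped tokens, append to a log file.
  # Usage: run_logged /path/to/log openai-image history
  log=$1
  shift
  "$@" 2>&1 | redact_keys >> "$log"
}

# Usage sketch (not executed when this file is sourced). The key file path is hypothetical.
#   load_openai_key "$HOME/.config/openai-image.key" &&
#     run_logged ./openai-image.log openai-image history
```

Note that `run_logged` reports the exit status of `sed`, not of the wrapped command, because the pipeline's status is that of its last stage; in a script that relies on `set -e` to stop on CLI failures, check the command's own status separately. Redaction is a backstop for logs you are about to share, not a substitute for keeping the key out of the transcript in the first place.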

What this means

Sensitive photos, images, or prompt text could be included in requests to OpenAI if the user chooses those inputs.

Why it was flagged

The skill supports editing local images and using additional reference images through an OpenAI image workflow. This is purpose-aligned, but user-provided files and prompts may be sent to the external provider.

Skill content
openai-image edit <image> "instructions" [options]
  --images <paths...>        Additional reference images (up to 16)
Recommendation

Do not submit private or regulated images/prompts unless you are comfortable with the provider handling them under its applicable policies.

What this means

Someone with access to the local environment may be able to view past generation history.

Why it was flagged

The CLI keeps local generation history by default. This persistence is disclosed and purpose-aligned, but it can retain records of image-generation activity until cleared.

Skill content
History tracking: Enabled by default, view with `openai-image history`
Recommendation

Use `openai-image history --clear` when working with sensitive prompts or outputs, and check where the CLI stores history if privacy matters.