Skywork Design

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: skywork-design
Version: 1.0.8

The Skywork Design skill bundle is a legitimate tool for generating and editing images via the Skywork AI API. The core logic in `scripts/generate_image.py` uses standard Python libraries to handle image encoding, SSE-based API communication, and file downloads to the local system. The documentation and scenario files (e.g., `scenarios/e-commerce.md`, `scenarios/branding.md`) provide detailed, task-specific prompt engineering instructions without any evidence of malicious prompt injection or unauthorized data access. API key handling via `scripts/skywork_auth.py` follows standard environment variable practices.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

You have less external provenance information for the skill publisher/source, but the supplied artifacts do not show hidden install behavior.

Why it was flagged

The registry does not provide a source repository or homepage, so provenance is limited, although the provided code is visible and no remote installer is used.

Skill content

Source: unknown
Homepage: none

Recommendation

Install from trusted registries only and review the included scripts before use, especially when providing credentials.

What this means

Anyone with access to this API key may be able to use your Skywork account quota or privileges.

Why it was flagged

The script uses the configured SKYWORK_API_KEY as a bearer token for Skywork API requests. This is expected for the service integration and there is no evidence of unrelated credential use.

Skill content

"Authorization": f"Bearer {skywork_api_key}"

Recommendation

Use a dedicated Skywork API key if possible, keep it out of chat/log output, and rotate it if it is exposed.

What this means

Reference images and prompts may leave your machine and be processed by Skywork’s backend.

Why it was flagged

For image editing, local input images are base64-encoded and sent in the request body to the Skywork API; prompts are also sent for generation/editing.

Skill content

images.append({"base64": b64, "mime_type": mime}) ... result = call_sse(url, body)

Recommendation

Do not use sensitive, private, or regulated images/prompts unless you are comfortable with Skywork processing them under its service terms.

What this means

The skill may direct you to a paid membership upgrade if your account is not eligible for image generation.

Why it was flagged

The skill instructs the agent to show an upgrade link only when the API returns an insufficient-benefit error. It does not show evidence of making purchases automatically.

Skill content

This skill requires upgrading your Skywork membership to use ... [Upgrade now →](url)

Recommendation

Treat upgrade links as a manual decision, verify the destination, and do not approve any purchase unless you intend to upgrade.