Higgsfield Generate

Review

Audited by ClawScan on May 10, 2026.

Overview

This skill mostly matches its Higgsfield media-generation purpose, but it tells the agent to run an unpinned remote installer and to submit jobs without cost checking, so users should review it before use.

Before installing, consider installing the Higgsfield CLI yourself instead of letting the agent run a remote shell script. Use a Higgsfield account you are comfortable delegating to the agent, ask for cost estimates when needed, and only pass media or product files that you are comfortable uploading to Higgsfield.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A remote script not included in the reviewed skill could change the local environment or install code before the user has reviewed exactly what will run.

Why it was flagged

The agent is instructed to download and execute a shell installer from the GitHub main branch at runtime, without a pinned version, checksum, or reviewed install spec.

Skill content

If `higgsfield` is not on `$PATH`, install it: `curl -fsSL https://raw.githubusercontent.com/higgsfield-ai/cli/main/install.sh | sh`

Recommendation

Install the Higgsfield CLI manually from a trusted, pinned source, or require explicit user approval and integrity checks before running the installer.

What this means

The agent may consume Higgsfield credits or incur provider costs without first giving the user a cost estimate.

Why it was flagged

The skill directs the agent to submit generation jobs without proactively checking or confirming cost, even though the workflow operates through a logged-in provider account.

Skill content

Don't pre-estimate cost. Just submit unless the user asks.

Recommendation

Ask for a cost estimate before generation if cost matters, and prefer skill behavior that confirms paid or high-cost jobs before submission.

What this means

Generated jobs, uploads, listings, and account actions will run under the user's Higgsfield account.

Why it was flagged

The skill relies on an authenticated Higgsfield session, which is expected for submitting jobs but grants the CLI access to the user's Higgsfield account.

Skill content

If `higgsfield account status` fails ... ask the user to run `higgsfield auth login`

Recommendation

Log in only to an account you intend this agent to use, and revoke or rotate access if you no longer trust the environment.

What this means

Private photos, videos, audio, product images, or avatar assets may be uploaded to Higgsfield if supplied to the skill.

Why it was flagged

User-selected local images, videos, or audio files are sent to Higgsfield when passed as media inputs; this is purpose-aligned but crosses a provider data boundary.

Skill content

Each media flag accepts either a local file path or a UUID. The CLI auto-uploads paths before submission

Recommendation

Only provide files and product/avatar assets you are comfortable uploading to Higgsfield, and avoid sensitive local paths.