Higgsfield Product Photoshoot
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill’s image-generation purpose is coherent, but it tells the agent to install an unpinned remote CLI script with Bash before use.
Before installing, review or manually install the Higgsfield CLI from a trusted source instead of letting the agent run the remote installer automatically. Use the skill only with a Higgsfield account you intend to connect, and avoid uploading sensitive product images unless you accept the provider’s data handling.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the CLI is not installed, remote code could be executed on the user’s machine without a pinned version or reviewed package boundary.
The skill has no install spec, but instructs the agent to fetch and execute an unpinned script from the GitHub main branch.
If `higgsfield` is not on `$PATH`, install it: `curl -fsSL https://raw.githubusercontent.com/higgsfield-ai/cli/main/install.sh | sh`
Require explicit user approval before installation, prefer a pinned release or package-manager install, and document the installer in an install spec.
The CLI may use the user’s Higgsfield account, credits, or subscription when generating images.
The skill requires a Higgsfield account session to generate images, which is expected for the provider integration but gives the CLI account-level access.
If `higgsfield account status` fails with `Session expired` / `Not authenticated`, ask the user to run `higgsfield auth login`
Log in only to the intended Higgsfield account and confirm any billing, credit, or privacy implications before use.
Product descriptions or uploaded product photos may be sent to Higgsfield’s backend and image model service.
The skill discloses a provider/backend flow for image generation; product prompts and likely uploaded product images are processed outside the local agent.
The CLI calls a backend prompt enhancer ... then submits to `gpt_image_2` and returns image URLs.
Avoid submitting confidential product images or unreleased campaign details unless the provider’s data handling terms are acceptable.
