AI Image Generation

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is a transparent image-generation guide that discloses third-party provider use and local memory, with no evidence of hidden or destructive behavior in the provided artifacts.

Before installing, decide which image providers you trust with your prompts and reference images, use budget-limited API keys, and review the local ~/image-generation/ memory files if your projects contain sensitive creative or business details.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If these keys are configured, image requests may run against the user's provider accounts and consume credits or incur costs.

Why it was flagged

The skill can use optional credentials for multiple image-generation providers. This is expected for the stated purpose, but those credentials may grant provider account access, quota use, or billing authority.

Skill content

"env.optional":["OPENAI_API_KEY","GEMINI_API_KEY","BFL_API_KEY","GOOGLE_CLOUD_PROJECT","REPLICATE_API_TOKEN","LEONARDO_API_KEY","IDEOGRAM_API_KEY"]

Recommendation

Use least-privileged or project-specific API keys where possible, set spending limits, keep keys in environment variables, and never paste secret values into chat.

What this means

Sensitive prompts, brand material, personal photos, or reference images may be processed by the chosen provider.

Why it was flagged

The skill explicitly discloses that prompts and optional reference images are sent to third-party AI providers. This is central to the image-generation purpose and is clearly described.

Skill content

"Data that leaves your machine:" - "Prompt text" - "Reference images when editing or style matching"

Recommendation

Only send content you are comfortable sharing with the selected provider; use the documented local route for private/offline work when appropriate.

What this means

Future requests may reuse stored preferences or project details, and the local memory file may contain sensitive creative or business context.

Why it was flagged

The skill stores reusable project context, style constraints, and prompt recipes in a persistent local memory file. This is scoped and disclosed, but persistent context can influence future image-generation sessions.

Skill content

Copy this into `~/image-generation/memory.md` ... "Active Projects" ... "Required consistency constraints" ... "Prompt snippets that produced reliable outcomes"

Recommendation

Review and edit ~/image-generation/memory.md and optional history.md periodically; avoid storing secrets or confidential material that should not be reused later.

What this means

If the user chooses the local workflow and runs the example, they will install third-party packages from the package ecosystem.

Why it was flagged

The documentation includes optional, user-directed installation of third-party packages for local image generation. This is expected for the local workflow, but the packages are not pinned in the example.

Skill content

pip install diffusers transformers accelerate torch

Recommendation

Install optional packages in a virtual environment, pin versions for repeatable setups, and use trusted package sources.