ClawHub

GLM-V-Prompt-Gen

v1.0.2

Analyze images/videos and generate professional prompts for text-to-image and text-to-video AI tools (Midjourney, Stable Diffusion, DALL-E, Sora, Runway, Kli...

1· 255·1 current·1 all-time
byJared Wen@jaredforreal
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (generate image/video prompts) aligns with the included script and required items. The skill only requests a ZHIPU_API_KEY and Python, which are appropriate for calling the Zhipu/BigModel vision API used to analyze visuals and produce prompts. Minor note: the DEFAULT_MODEL string ('glm-5v-turbo') differs from models documented elsewhere in the file, but this is an implementation/configuration inconsistency rather than a security mismatch.
Instruction Scope
SKILL.md and the script instruct the agent to accept images (local paths, URLs, or base64) and video URLs and then send them to BigModel's chat/completions endpoint. This is in-scope for prompt generation, but it means any local images you provide will be read, base64-encoded, and uploaded to the remote API. Videos must be provided as URLs. The SKILL.md also mandates printing the full returned prompt output exactly; otherwise, the runtime instructions stay within the stated purpose.
Install Mechanism
No install spec is provided (instruction + single Python script). That poses low install risk: nothing is downloaded or executed beyond running the included script with Python and its normal imports (requests).
Credentials
Only ZHIPU_API_KEY is required (declared as primaryEnv), which is proportionate for calling the BigModel/Zhipu API. SKILL.md suggests storing the key in openclaw.json or shell env; it also notes the key is shared with other Zhipu skills — this is an operational note but means multiple skills can reuse the same credential. Be aware the key will be sent as a Bearer token to open.bigmodel.cn.
Persistence & Privilege
The skill is not marked 'always:true' and does not request persistent elevated privileges. It does not modify other skills' configs. It only reads provided image files and environment variables as needed.
Assessment
This skill appears to do what it says: it will read any local images you pass (or accept image URLs/base64) and upload them, along with your request, to Zhipu/BigModel (open.bigmodel.cn) using the ZHIPU_API_KEY you provide. Before installing or running: 1) Do not send sensitive or private images/videos (they will be transmitted to a third party). 2) Confirm you trust the Zhipu/BigModel service and understand potential billing/retention/privacy policies for your API key. 3) Store the API key using the method you control (openclaw.json, environment) and avoid sharing it broadly; note the key can be reused by other Zhipu skills on your agent. 4) If you want extra assurance, review the full script in scripts/prompt_gen.py (it uses requests and posts only to open.bigmodel.cn) and verify the default model/config if you have model-specific constraints.

Like a lobster shell, security has layers — review code before you run it.

latestvk974k5chvtcdgr6mw8sacj5dgs83v6zt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis
Binspython
EnvZHIPU_API_KEY
Primary envZHIPU_API_KEY

Comments