Picnow — Image Generation
PassAudited by ClawScan on May 10, 2026.
Overview
This skill coherently uses a Picnow/Letmego API key to generate or edit images, with no evidence of hidden persistence or unrelated data access, but users should notice the credential use and third-party upload of reference images.
Before installing, confirm you trust api.letmego.top/Picnow with your prompts, reference images, and API usage. Set LETMEGO_API_KEY only for this service, review file paths before using --ref, and remember that generated images may consume your provider quota or balance.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill can consume the user's Picnow/Letmego API quota or balance under their account.
The script uses the user's Letmego API key to authenticate API calls. This is needed for the stated service, but it is still delegated account authority and is under-declared by the registry metadata.
const token = process.env.LETMEGO_API_KEY; ... Authorization: `Bearer ${token}`,Install only if you intend to use Picnow/Letmego, set a dedicated API key if possible, and monitor quota or billing usage.
Reference images or files you provide may leave your machine and be processed by Picnow/Letmego.
When --ref is used, the selected local file is encoded and uploaded to the disclosed Picnow API for image editing. This is purpose-aligned but sends user content to a third-party provider.
const refB64 = await readFileAsBase64(refPath); ... fetch(`${API_BASE}/v1/images/edits`, { method: 'POST', ... body: form })Use reference files only when you are comfortable uploading them, and verify the path before running image-to-image edits.