Happy IMG2 Direct

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: happy-img2-direct
Version: 1.0.0

The skill is a well-structured tool for generating images via OpenAI-compatible APIs, featuring robust error handling, retries with exponential backoff, and batch processing capabilities. It demonstrates good security hygiene by explicitly redacting API keys and sensitive tokens from logs and error messages in both `scripts/generate-image.js` and `scripts/run.py`. The code aligns with its stated purpose and lacks any indicators of malicious intent or unauthorized data access.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Image-generation requests may consume the configured provider account quota or billing, and the provider receives the prompt.

Why it was flagged

The skill uses a configured provider API key to authenticate to the image-generation endpoint. This is necessary for the stated purpose, but it is still account-level credential use.

Skill content

const apiKey=provider.apiKey||(provider.apiKeyEnv?process.env[provider.apiKeyEnv]:''); ... headers:{Authorization:`Bearer ${apiKey}`,'Content-Type':'application/json'}

Recommendation

Use a trusted provider configuration and a scoped, revocable API key where possible.

What this means

Private or sensitive text included in prompts can remain in local run logs after generation finishes.

Why it was flagged

The skill stores prompts and run metadata in local JSON files. This is useful for retries/debugging and is consistent with the documented logging behavior, but it means prompt text persists on disk.

Skill content

(attempt_dir/'request.json').write_text(json.dumps({'prompt': args.prompt, 'task_name': attempt_name, 'provider': args.provider, 'model': args.model, 'size': args.size, 'timeout_ms': args.timeout_ms, 'output': str(output)}, ensure_ascii=False, indent=2), encoding='utf-8')

Recommendation

Avoid placing secrets or sensitive personal data in prompts, and delete generated run directories if local retention is not desired.