Kie Ai Skill
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its advertised kie.ai image-generation purpose, but it has a command-injection bug and may send the KIE API key to unvalidated image download URLs.
Review this skill before installing. Its core image-generation workflow is understandable, but avoid untrusted `models --category` input and be aware that the current downloader may expose the KIE API key to result URL hosts. Use revocable API keys, monitor credit usage, and delete local task/image history if prompts or outputs are sensitive.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or accidental crafted category argument could make the skill run unintended local code on the user's machine.
The shell expands the user-supplied category argument directly into Python source. A crafted value containing a quote and Python code could execute locally when `models --category` is run.
python3 -c " ... category = '$3' if category not in data['models']:
Avoid using `models --category` with untrusted input until fixed. The skill author should pass the category as a Python argument, validate it before use, or avoid `python3 -c` string interpolation.
If the returned image URL points to a third-party host or is redirected unexpectedly, the KIE API key could be exposed and potentially used to spend credits or access the account.
The download function sends the KIE bearer token to the arbitrary `url` supplied by the API result, without checking that the host is a trusted kie.ai download domain.
headers = {
"Authorization": f"Bearer {API_KEY}",
"User-Agent": "Mozilla/5.0"
}
req = urllib.request.Request(url, headers=headers)Only attach the Authorization header to validated kie.ai-owned domains, strip credentials on redirects, and download public result URLs without the API key when possible.
Users may believe credentials and network traffic are limited to the listed API endpoints when the implementation can contact additional result URLs.
The stated security manifest lists only kie.ai API endpoints, but the same file downloads image URLs returned by the API and sends an Authorization header to those URLs.
No data is sent to any endpoint other than those listed above.
Update the security manifest to accurately describe result-URL downloads and credential handling, and add domain validation before sending credentials.
Using the skill can spend kie.ai credits, especially with higher-resolution models.
The skill creates paid image-generation tasks through the kie.ai API. This is the advertised purpose, but it can consume account credits.
result = api_request("POST", "/jobs/createTask", data)Confirm prompts, model choices, and resolution before invoking generation, and monitor usage with the `balance` command or kie.ai dashboard.
Sensitive prompt text may remain on disk after generation and could be visible to anyone with access to the skill directory.
Task state stores prompts and related metadata in `.task-state.json`, which persists locally for resume and usage tracking.
"prompt": prompt, "model": model, "status": "pending",
Avoid entering sensitive prompts unless local retention is acceptable, and periodically delete `.task-state.json` and generated files if needed.
Generated images uploaded with `--upload-drive` are sent to Maton/Google Drive and may persist in the configured Drive folder.
Optional Google Drive upload sends file bytes through the Maton gateway. This is disclosed and user-directed, but it adds another service boundary.
url = 'https://gateway.maton.ai/google-drive/upload/drive/v3/files?uploadType=multipart'
Use Drive upload only when intended, verify the configured folder ID, and use a revocable Maton API key.