Z-image Local image generation with OpenVINO (no API key)
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill’s image-generation purpose is coherent, but it tells the agent to automatically install software, packages, and a large model without clear user confirmation.
Install only if you want a local Windows/OpenVINO image generator and trust the external package/model sources. Before first use, manually approve setup, the Python/git requirements, the roughly 10 GB model download, and the install location; do not allow silent prerequisite installation unless you explicitly want it.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could install dependencies and start a large model download as part of using the skill, rather than waiting for explicit approval.
This instructs the agent to run local setup and download commands automatically, before asking the user, which can mutate the local environment and consume substantial bandwidth/disk.
Auto-recovery policy — try before asking user: * If `STATE=MISSING`, `VENV_PY=BROKEN`, `PACKAGES_MISSING`, or `SCRIPTS_STALE`: automatically run `setup.py` (up to 3 attempts). ... * If `MODEL_STATUS=MISSING`: automatically run `download_model.py` (up to 3 attempts).
Require a clear user confirmation before running setup.py, download_model.py, retries, or any large download; show expected disk use and network destinations first.
The skill may attempt to install or update Python on the user’s machine without an explicit approval step.
The visible instruction indicates a silent software installer may be run as part of setup; system prerequisite installation is high-impact and should not be silent or automatic.
**If Python is missing or outdated**, run this one-command silent installer in PowerShel...
Do not run silent prerequisite installers automatically. Ask the user to approve the installer, provide the source URL, and prefer user-directed installation instructions.
Setup depends on third-party code and model sources that the user must trust.
The dependency list installs code from external package indexes and GitHub repositories; some Git dependencies are pinned, while several package dependencies are not pinned to exact versions.
git+https://github.com/openvino-dev-samples/optimum-intel.git@2f62e5aee74b4acba3836e1f26678c0db0a09c00 ... git+https://github.com/huggingface/diffusers.git@a1f36ee3ef4ae1bf98bd260e539197259aa981c1 ... modelscope ... Pillow ... transformers ... accelerate ... huggingface_hub
Use a lockfile or fully pinned dependency set where possible, and document the trusted upstreams and expected network destinations.
The venv, model, generated script, and outputs will remain on disk until removed.
The skill documents persistent local artifacts it creates. The persistence is purpose-aligned and no background agent is shown, but users should know these files remain after use.
{USERNAME}_openvino\ ├── venv\ ... └── imagegen\ ├── state.json ... ├── generate_image.py ... ├── Z-Image-Turbo-int4-ov\ ... └── outputs\YYYYMMDD_HHMMSS_topic.pngDocument cleanup steps and keep all generated files under a clearly scoped, user-approved directory.