ClawHub

babbleBrush

v1.4.1

Generate and iteratively edit images. Supports storage, UI for manual editing, history, version branching, time travel, reference images, and multiple AI mod...

1· 272·0 current·0 all-time
by@kivs
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (image generation & iterative editing) line up with the documented API endpoints and examples. The single required env var (BABBLEBRUSH_API_KEY) is the expected credential for calling the service's API. Endpoints shown (canvases, provider-credentials, provider-models, uploads) match the declared purpose.
Instruction Scope
SKILL.md is instruction-only and contains curl examples that operate solely against babblebrush.com endpoints. Examples include uploading local image files (curl -F image=@/path/to/image.png) and adding provider API keys via the service API — both are reasonable for an image editor, but they do involve reading local image files and submitting third-party provider keys to the babblebrush service.
Install Mechanism
No install script or binary downloads are present (instruction-only). This minimizes on-disk persistence and supply-chain risk.
Credentials
Only BABBLEBRUSH_API_KEY is declared as required, which is proportionate. The skill also documents endpoints to add provider API keys (Gemini, xai) to the babblebrush account — this is expected for a BYOK workflow but has privacy/billing implications (provider usage billed to the provider keys you add).
Persistence & Privilege
always is false and model invocation is allowed (platform defaults). The skill does not request elevated platform-wide persistence or other skills' credentials.
Assessment
This SKILL.md describes a third-party image-editing API and appears internally consistent. Before installing: 1) Verify the service domain (https://babblebrush.com) and its privacy/terms — you will be uploading images and potentially provider API keys. 2) Treat BABBLEBRUSH_API_KEY like any secret: create a scoped, rotatable token if possible and avoid using long-lived high-privilege credentials. 3) Be cautious about adding provider API keys to the service (BYOK): provider usage is billed to those keys and they will be stored by babblebrush. 4) If you don't trust the site/source, test with minimal credits and low-privilege keys and monitor billing and activity; rotate or revoke keys after testing. 5) If you need higher assurance, ask the publisher for source code or a canonical homepage and review their security/privacy documentation.

Like a lobster shell, security has layers — review code before you run it.

latestvk9722gj9vg6hc5jx796k7jfzr5823epk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvBABBLEBRUSH_API_KEY

Comments