ClawHub

Seisoai

Unified media generation gateway for agents. Discover tools dynamically, choose API key or x402 auth, invoke image/video/audio/music/3D/training tools, and h...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
3 · 2.7k · 0 current installs · 0 all-time installs
by@Legendarylibr
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (media-generation gateway) matches the runtime instructions: discovery endpoints, invoke endpoints, job polling, and tool lists are all about media generation. No unrelated binaries, installs, or extraneous credentials are requested.
Instruction Scope
SKILL.md confines actions to the seisoai API (discovery, invoke, jobs, agent-scoped routes) and includes explicit agent-scoped safety checks. It also documents an x402 payment flow (sign/pay on Base). This is within scope, but pay/ signing steps imply on-chain payments — ensure agents do not have wallet private keys or auto-pay without explicit user consent.
Install Mechanism
Instruction-only skill with no install spec and no code files — the lowest risk install surface. Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill shows how API keys or payment headers are used (X-API-Key or x402), but declares no required env vars. This is proportionate to the purpose; however, users should not provide broad or long-lived secrets unless needed and should prefer scoped API keys and explicit payment approvals.
Persistence & Privilege
always is false and no config paths or system modifications are requested. Model invocation is allowed (normal default). The skill can cause outbound network calls — standard for an API gateway — so review agent autonomy/billing settings before enabling.
Assessment
This skill is instruction-only and appears to be what it says: a gateway for media-generation tools. Before installing or using it, consider: 1) You will need to provide either an API key or make on-chain x402 payments — never give your wallet private keys or broad credentials to an agent. 2) Prefer scoped, revocable API keys and verify the exact header/location the skill expects (X-API-Key). 3) The skill allows autonomous network calls (normal) — if you enable autonomous agents, set billing/payment guardrails to avoid unexpected charges. 4) Confirm the endpoint domain (https://seisoai.com) and TLS before sending secrets. 5) Verify the agent implementation enforces the SKILL.md's agent-scoped safety checks (tool allowlists, single-agent scope, no recursive orchestration) if you plan to call /api/gateway/agent/* routes. 6) If you need higher assurance, ask the publisher for source code or a signed homepage/repository; absence of install/code files means there is nothing local to audit.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.1.1
Download zip
latestvk971rf89zvmvy2a19f77v0dz9981bfvs

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎨 Clawdis

SKILL.md

Seisoai

Base URL: https://seisoai.com Primary endpoint: POST /api/gateway/invoke/{toolId} or POST /api/gateway/invoke with toolId in body. Auth: X-API-Key or x402 payment (USDC on Base).

Agent-First Workflow (Do This Every Session)

  1. Discover live tools:
    • GET /api/gateway/tools
  2. For selected tools, fetch exact schema:
    • GET /api/gateway/tools/{toolId}
  3. Optionally pre-price inputs:
    • GET /api/gateway/price/{toolId}
  4. Invoke with API key or x402.
  5. If queue tool, poll job status/result URLs from response.

Do not rely on static tool lists when a live registry is available.

Auth Strategy

Use this decision order:

  1. If you have a project API key, use X-API-Key.
  2. If you do not have a key, use x402 pay-per-request.
  3. Do not send browser CSRF tokens for machine clients.

API Key Example

POST /api/gateway/invoke/image.generate.flux-2
X-API-Key: sk_live_xxx
Content-Type: application/json

{"prompt":"a sunset over mountains"}

x402 Example (2-step)

  1. Call without payment header.
  2. Receive 402 with payment requirements.
  3. Sign/pay on Base.
  4. Retry same request with one of:
    • payment-signature
    • x-payment
    • payment

High-Value Endpoints

  • Discovery:
    • GET /api/gateway/tools
    • GET /api/gateway/tools/{toolId}
    • GET /api/gateway/price/{toolId}
    • GET /api/gateway/mcp-manifest
  • Invoke:
    • POST /api/gateway/invoke/{toolId}
    • POST /api/gateway/invoke
  • Jobs:
    • GET /api/gateway/jobs/{jobId}?model=...
    • GET /api/gateway/jobs/{jobId}/result?model=...
  • Agent-scoped:
    • GET /api/gateway/agents
    • GET /api/gateway/agent/{agentId}
    • POST /api/gateway/agent/{agentId}/invoke/{toolId?}
    • POST /api/gateway/agent/{agentId}/orchestrate

Agent-Scoped Safety Controls (Mandatory)

For normal media generation (images, video, audio, 3D), use /api/gateway/invoke and the discovery endpoints above; no extra checks. The rules below apply only when the user explicitly asks to run or orchestrate a specific agent (e.g. a named bot or workflow).

Default posture: deny by default for agent-scoped routes (/api/gateway/agent/*). Use agent-scoped endpoints only when all checks pass:

  1. Explicit task requirement
    • Do not call /agent/* routes unless the current task explicitly requires operating a specific agent.
  2. Exact agent binding
    • Resolve agentId from a trusted source (GET /api/gateway/agents or user-provided exact ID).
    • Never infer or guess agent IDs from names/prompts.
  3. Authorization boundary
    • Use only the current caller credentials.
    • Never attempt to reuse, escalate, or proxy credentials to access other tenants/owners.
  4. Single-agent scope
    • For one task, operate on one approved agentId unless the user explicitly requests multi-agent execution.
  5. Tool allowlist enforcement
    • Before invoke/orchestrate, fetch GET /api/gateway/agent/{agentId} and only use tool IDs declared for that agent.
    • Reject tool IDs not listed in that agent definition.
  6. No recursive orchestration
    • Do not create self-referential orchestrations, orchestration loops, or fan-out patterns across unknown agents.
  7. No broad discovery exfiltration
    • Do not enumerate all agents unless needed for user task; prefer direct lookup when agentId is known.
  8. Audit trail requirement
    • Log agentId, route, tool ID, and reason for each agent-scoped call in agent run notes.
  9. On mismatch or ambiguity: stop
    • If ownership/scope/tool authorization is ambiguous, do not call /agent/*; fall back to /api/gateway/invoke.

Tool Selection Cheatsheet (Verified IDs)

Images

  • Fast text->image: image.generate.flux-2
  • Premium cinematic: image.generate.kling-image-v3
  • Premium consistency: image.generate.kling-image-o3
  • 360/panorama: image.generate.nano-banana-pro
  • Prompted edit: image.generate.flux-pro-kontext-edit
  • Face swap: image.face-swap
  • Inpaint/outpaint: image.inpaint, image.outpaint
  • Background removal/layer: image.extract-layer
  • Upscale: image.upscale

Video

  • Text->video (Veo): video.generate.veo3
  • Image->video (Veo): video.generate.veo3-image-to-video
  • First/last frame: video.generate.veo3-first-last-frame
  • Kling text: video.generate.kling-3-pro-text, video.generate.kling-3-std-text
  • Kling image: video.generate.kling-3-pro-image, video.generate.kling-3-std-image
  • Motion transfer: video.generate.dreamactor-v2

Audio / Speech / Music

  • Voice clone TTS: audio.tts
  • TTS quality tiers: audio.tts.minimax-hd, audio.tts.minimax-turbo
  • Lip sync: audio.lip-sync
  • Transcription: audio.transcribe
  • Music: music.generate
  • Sound FX: audio.sfx
  • Stem separation: audio.stem-separation

3D

  • Image->3D standard: 3d.image-to-3d
  • Image->3D pro: 3d.image-to-3d.hunyuan-pro
  • Text->3D pro: 3d.text-to-3d.hunyuan-pro
  • Fast image->3D: 3d.image-to-3d.hunyuan-rapid
  • Mesh post-processing: 3d.smart-topology, 3d.part-splitter

Minimal Payload Patterns

Text->image:

{"prompt":"..."}

Image edit:

{"prompt":"...","image_url":"https://..."}

Text->video:

{"prompt":"...","duration":"6s"}

DreamActor motion transfer:

{"source_image_url":"https://...","driving_video_url":"https://..."}

Voice clone TTS:

{"text":"...","audio_url":"https://..."}

3D image->mesh:

{"image_url":"https://...","output_format":"glb"}

Queue Handling Contract

If executionMode is queue, response includes job metadata. Use:

  1. statusUrl until completed/failed.
  2. resultUrl when completed.

Treat queue submit success as billable success (x402 settlement/API-key credit deduction already handled server-side).

Error Policy

  • 400: Schema/input mismatch. Re-fetch tool schema and correct fields.
  • 402: Missing/invalid payment or insufficient API key credits.
  • 404: Tool/agent not found. Refresh registry.
  • 503: Tool disabled. Select fallback in same category.
  • 500: Retry with backoff; then switch model/tool.

Reliability Rules for Agents

  1. Always discover live tools before planning multi-step flows.
  2. Use exact schema from GET /tools/{toolId} for required fields.
  3. Keep one tool call per request; chain in your agent.
  4. Prefer explicit model/tool IDs over natural-language routing assumptions.
  5. For retries, do not reuse stale x402 signatures.
  6. Treat /api/gateway/agent/* as privileged routes and apply the mandatory safety controls above.

Self-Maintenance

When this file is updated:

  • Keep IDs aligned with backend/services/toolRegistry.ts.
  • Update last_synced and version.
  • Keep examples minimal and executable.

Changelog

  • [2026-02-09] v1.1.1 - Added mandatory safety controls for agent-scoped endpoints (deny-by-default, agent/tool scoping, anti-recursion, and audit requirements).
  • [2026-02-09] v1.1.0 - Rewrote for agent discovery-first flow, corrected stale tool IDs/params, tightened auth/x402 guidance, and added queue/error reliability policy.
  • [2026-02-08] v1.0.0 - Initial self-improvement protocol added.

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…