ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Image Generator

v3.0.0

Use this skill any time the user wants to generate, create, or design images, illustrations, or visual assets. This includes: posters, banners, social media...

0· 394·0 current·0 all-time
byAnyGenIO@logictortoise
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill is an image-generation integration and only requests the AnyGen CLI binary and an ANYGEN_API_KEY, which are appropriate and expected for a CLI-based image-generation skill.
Instruction Scope
SKILL.md instructs the agent to call the AnyGen CLI, authenticate via API key or web login, and optionally install an AnyGen workflow skill. It does not ask the agent to read unrelated files, other credentials, or system paths outside its purpose.
Install Mechanism
Install is a Node package (@anygen/cli) producing the anygen binary. Using an npm-scoped CLI package for a CLI integration is proportionate. No direct downloads from arbitrary URLs are used.
Credentials
The only required environment variable is ANYGEN_API_KEY (declared as the primary credential) which directly matches the described authentication methods. No unrelated secrets or multiple credentials are requested.
Persistence & Privilege
The skill does not request always: true or other elevated persistence. It does suggest running anygen auth login which may open a browser for OAuth, but that is typical for CLI auth and not an unexplained privilege request.
Assessment
This skill looks coherent: it installs an AnyGen CLI and requires an AnyGen API key, which is expected for an image-generation integration. Before installing, verify the @anygen/cli package publisher and registry source (npm) to ensure you're installing the official CLI. Treat ANYGEN_API_KEY as sensitive — don't share it in public repos or logs. Be aware the CLI may open a browser for web login (interactive OAuth) and the CLI will contact AnyGen's servers (www.anygen.io), so confirm you trust that service and its privacy policy. If you need stronger assurances, ask the publisher for a homepage or repository URL and inspect the package code before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk979ja0y0fxsv2k27881xfx0ss83wwc5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsanygen
EnvANYGEN_API_KEY
Primary envANYGEN_API_KEY

Install

Node
Bins: anygen
npm i -g @anygen/cli

Comments