Image Generator
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This image generator is mostly purpose-aligned, but it tells the agent to install an additional workflow skill with auto-confirmation if it is missing.
Before installing, confirm you trust AnyGen and its CLI, use a limited API key if possible, and do not let the agent install the secondary `anygen-workflow-generate` skill unless you have reviewed and approved that exact dependency.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using this skill could cause an additional agent skill to be installed and trusted without the user first seeing what it does.
The skill instructs the agent to install a separate workflow skill with auto-confirmation, but the reviewed artifact set does not include that skill's source, version, or safety boundaries.
If the `anygen-workflow-generate` skill is not available, install it first: ```bash anygen skill install --platform <openclaw|claude-code> -y ```
Require explicit user approval before installing the workflow skill, remove the auto-confirm flag, and publish/pin the exact secondary skill dependency for review.
The agent will need access to an AnyGen account or API key to use the service.
The skill requires an AnyGen API key to authenticate to the image generation service; this is expected for the stated provider integration.
requires:
bins:
- anygen
env:
- ANYGEN_API_KEYUse a scoped AnyGen API key if available, avoid pasting secrets into chat unnecessarily, and revoke the key if you stop using the skill.