QuiverAI Skill
v1.0.0Generate SVGs from text prompts and convert raster images (PNG/JPG/WebP) to SVG using QuiverAI's AI models. Use when user asks to create icons, illustrations...
⭐ 0· 41·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The skill claims to generate/vectorize SVGs and the SKILL.md exclusively documents using a 'quiver' CLI to do exactly that. Required tools (quiver, filesystem read/write) are consistent with creating and returning SVG files; there are no unrelated service credentials or unrelated binaries requested.
Instruction Scope
Instructions are narrowly scoped to running the quiver CLI, saving outputs (-o), and reading the produced SVGs. One behavioral note: the skill advises passthrough of arbitrary user arguments (quiver $ARGUMENTS) and allows reading files provided by the user (for vectorize), which is expected for this use but gives the agent the ability to operate on arbitrary local files the user points to.
Install Mechanism
No registry install spec is included; the SKILL.md recommends installing a global npm package (npm install -g quiver-ai-cli). That is an expected way to obtain a CLI, but the package name/source is not validated here. Global npm installs can require elevated permissions on some systems and introduce external code from the public registry — reasonable for a CLI but worth verifying the package's trustworthiness.
Credentials
The skill metadata declares no required env vars, but SKILL.md instructs users to set an API key via 'quiver config set api_key <key>' (the CLI's own config). This is proportionate to the stated purpose, but the skill does not declare where the key will be stored or any primaryEnv; users should be aware the key will reside in the CLI config (on disk) rather than in the registry metadata.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent platform privileges. It uses Read/Write to create and inspect output SVG files in the working directory, which matches its purpose. Autonomous invocation is allowed by default but is not combined with unusual credential or persistence demands here.
Assessment
This skill looks coherent for creating and vectorizing SVGs, but check a few things before trusting it: 1) The SKILL.md asks you to install 'quiver-ai-cli' from npm — verify the package name, author, and reviews on the npm registry before running a global install (or prefer a non-global/sandboxed install). 2) The CLI expects an API key that will be stored in the quiver CLI config on disk; be aware where that config is stored and what API/account the key grants. 3) When vectorizing, the agent will operate on local files or URLs you supply — avoid pointing it at sensitive local files. 4) If you need least privilege, create a dedicated API key with limited scope for this tool. If you want additional assurance, ask the maintainer/source of this skill for a verified homepage or a link to the quiver CLI repository before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk97ba1fwjzzk8m2k77s4nzmxt9840z9d
License
MIT-0
Free to use, modify, and redistribute. No attribution required.