ClawHub

Ai Product Description From Image

v2.0.1

Convert local product images (JPG/PNG/WEBP) to descriptions using Grok Vision AI. Requires XAI_API_KEY. Use when generating e-commerce copy from local photo...

0· 33·0 current·0 all-time
by@loutai0307-prog
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description request Grok vision access and the skill only requires an XAI_API_KEY and local image files. The declared requirement (XAI_API_KEY) maps directly to the script's use of api.x.ai. No unrelated credentials or binaries are requested.
Instruction Scope
Runtime instructions and the included script only read user-supplied image files and a single env var, base64-encode the image into a data URL, and send it to https://api.x.ai/v1/chat/completions. This behavior is expected for the stated purpose but has privacy implications: any image data (and embedded EXIF/metadata) is transmitted to an external service.
Install Mechanism
No install specification; the skill is instruction/script-only and uses only system python3 and shell. Nothing is downloaded or written by an install step.
Credentials
Only a single API key (XAI_API_KEY) is required which is proportionate to the integration. The script does not request other secrets or config paths. Users should, however, be aware that their images are uploaded to the external Grok API and that API keys can be used for billing/requests.
Persistence & Privilege
The skill is not forced always-on, it doesn't modify other skills or system configs, and it does not request persistent platform privileges.
Assessment
This skill appears to do what it claims, but installing it means local images you pass will be uploaded (as base64 data URLs) to api.x.ai (Grok). Before using: 1) do not send sensitive images (personal data, documents, or anything with private info) without confirming Grok's data retention/privacy policy; strip EXIF/metadata if needed; 2) protect the XAI_API_KEY like any secret (rotate if leaked) and monitor billing/usage; 3) review the script if you want to modify behavior (e.g., remove metadata or change the endpoint) or to run a local/approved vision model instead; 4) test with non-sensitive images first.

Like a lobster shell, security has layers — review code before you run it.

latestvk970qv1bx4rqf32svqe913x699853t9n

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Environment variables
XAI_API_KEYrequiredGrok API key from console.x.ai

Comments