Prompt Gen Skill
v1.1.0
Generate detailed, optimized AI art prompts for Midjourney, DALL-E, and Stable Diffusion, including style, lighting, and composition keywords.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The code implements prompt generation for Midjourney/DALL·E/SDXL as described. However, the skill also implements billing via SkillPay (charging users) and embeds a SkillPay API key and price in both SKILL.md and handler.py; billing is not inherently incompatible with the stated purpose but embedding credentials in the package is disproportionate and unusual.
Instruction Scope
SKILL.md and handler.py both instruct/attempt to contact an external billing endpoint (skillpay.me) and include the same API key inline. The README exposes a secret key in plaintext. The handler's payment flow is buggy (undefined SKILL_ID, indentation error, exception handler returns success True on failure), which could cause unexpected behavior. The skill sends user_id and billing data to an external endpoint — reasonable for paid skills, but it's a data-exfiltration/billing risk if you don't trust the endpoint or key.
Install Mechanism
No install spec and no external downloads — the only executable content is handler.py included with the skill. That reduces install risk but the included script will run and perform network calls when invoked.
Credentials
The package contains a hardcoded SkillPay API key in both SKILL.md and handler.py instead of declaring it as a required credential or using a platform-provided secret. No env vars are declared, yet a sensitive credential is embedded in the code and public docs — disproportionate and a secret-management red flag.
Persistence & Privilege
The skill does not request 'always: true' or other elevated persistence, and it doesn't attempt to modify other skills or system configuration in the provided files.
Scan Findings in Context
[hardcoded-secret] unexpected: Both SKILL.md and handler.py contain the same hardcoded SkillPay API key (sk_93c5ff38...91430e). Embedding a billing API key in the code/doc is not expected or appropriate for a simple prompt-generation skill and risks credential leakage and unauthorized charges.
What to consider before installing
This skill will generate prompts as advertised, but it contains a hardcoded SkillPay API key (visible in both SKILL.md and handler.py) and code that will contact an external billing endpoint (skillpay.me) to charge users. The payment code is also buggy (undefined SKILL_ID, indentation mistakes, and an exception handler that may mark failures as successful), which could produce unexpected behavior. Before installing, consider:
1) Do you trust the skill author and the SkillPay account tied to that API key?
2) Prefer a version that does not embed secrets in code—API keys should be provided via platform-managed secrets or environment variables and declared in requires.env.
3) Ask the author to fix the obvious bugs (undefined SKILL_ID, indentation, and exception handling) and to remove the plaintext key from SKILL.md.
4) If you don't need the billing feature, request a version without the SkillPay integration.
If you proceed, monitor outgoing network requests and billing activity closely and avoid using any real payment identifiers until the code and secret handling are corrected.
Like a lobster shell, security has layers — review code before you run it.
latest
AI Art Prompt Generator
Generate optimized prompts for AI image generation tools like Midjourney, DALL-E, Stable Diffusion.
Features
- Generate detailed prompts for AI art
- Optimize for Midjourney, DALL-E, SDXL
- Include style, lighting, composition keywords
Price
- 0.001 USDT per call
- Payment via SkillPay
Usage
- "Generate a prompt for a cyberpunk city"
- "Prompt for a futuristic robot"
- "Create prompt for a fantasy castle"
Integration
- API Key: sk_93c5ff38cc3e6112623d361fffcc5d1eb1b5844eac9c40043b57c0e08f91430e
- Price: 0.001 USDT per call
