beauty-generation-api
Pass
Audited by ClawScan on May 1, 2026.
Overview
This is a coherent instruction-only wrapper for an external portrait-generation API; the main things to notice are the API key requirement and that prompts are sent to the provider.
Before installing, make sure you are comfortable providing a DiversityFaces.org API key and sending image prompts to gen1.diversityfaces.org. Keep the key private, use a limited or revocable key if possible, and monitor quota or credit usage.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may make external API calls for image generation, which can use the user's quota or paid credits.
The skill instructs use of curl to make authenticated requests to an external API. This is expected for the image-generation purpose, but users should recognize that tool calls can consume service quota when used for generation.
curl -H "X-API-Key: YOUR_API_KEY" \
  https://gen1.diversityfaces.org/api/quota
Use the skill only for intended image-generation requests, review generated prompts before sending if they matter, and monitor quota usage.
Anyone with access to the API key may be able to use the account's image-generation quota or credits.
The skill requires a service API key. This credential is purpose-aligned for an authenticated image-generation API, and the provided artifacts do not show hardcoding, logging, or unrelated credential use.
env_vars:
  - BEAUTY_API_KEY
primary_credential: BEAUTY_API_KEY
Use a revocable API key, keep it private, and avoid sharing logs or command histories that include the key.
Prompt text, including any personal descriptions included by the user, may be processed by the external provider.
The skill clearly discloses that prompt content is transmitted to an external provider. This is expected for the service, but it is a data-boundary consideration.
Your prompts will be sent to gen1.diversityfaces.org for processing.
Do not include confidential, private, or regulated personal information in prompts unless you trust the provider and its privacy practices.
