beauty-generation-api
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: beauty-generation-api Version: 1.2.50 The beauty-generation-api skill is a well-documented tool for generating AI portraits via the diversityfaces.org API. It follows standard security practices by requiring a user-provided API key (BEAUTY_API_KEY) and includes explicit safety instructions for the AI agent to refuse inappropriate content. The provided Python script template in SKILL.md is a standard API wrapper, and the documentation specifically instructs the agent not to execute scripts on the user's system without authorization, focusing instead on providing guidance and templates.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may make external API calls for image generation, which can use the user's quota or paid credits.
The skill instructs use of curl to make authenticated requests to an external API. This is expected for the image-generation purpose, but users should recognize that tool calls can consume service quota when used for generation.
curl -H "X-API-Key: YOUR_API_KEY" \ https://gen1.diversityfaces.org/api/quota
Use the skill only for intended image-generation requests, review generated prompts before sending if they matter, and monitor quota usage.
Anyone with access to the API key may be able to use the account's image-generation quota or credits.
The skill requires a service API key. This credential is purpose-aligned for an authenticated image-generation API, and the provided artifacts do not show hardcoding, logging, or unrelated credential use.
env_vars: - BEAUTY_API_KEY primary_credential: BEAUTY_API_KEY
Use a revocable API key, keep it private, and avoid sharing logs or command histories that include the key.
Prompt text, including any personal descriptions included by the user, may be processed by the external provider.
The skill clearly discloses that prompt content is transmitted to an external provider. This is expected for the service, but it is a data-boundary consideration.
Your prompts will be sent to gen1.diversityfaces.org for processing.
Do not include confidential, private, or regulated personal information in prompts unless you trust the provider and its privacy practices.