Image To 3d Pipeline
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is mostly aligned with image-to-3D generation, but its instructions unexpectedly use an undeclared Meshy API key and provider in addition to the advertised Tripo/Replicate flow.
Before installing or using this skill, verify which provider you actually want to use: Tripo/Replicate or Meshy. Set only the API keys you intend to use, confirm where images will be sent, and review pricing before running batch generation.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent could be led to provide and use an unexpected third-party API token, potentially sending image jobs to a different paid service than expected.
The declared credentials omit MESHY_API_KEY, but the documented workflow uses that key to call Meshy, a different provider from the advertised Tripo3D/Replicate flow.
"env": ["TRIPOSR_API_KEY"], "optional": ["REMOVE_BG_API_KEY", "UPSCALE_API_KEY"] ... "https://api.meshy.ai/v2/image-to-3d/$TASK_ID" ... "Authorization: Bearer $MESHY_API_KEY"
Declare MESHY_API_KEY and the Meshy provider explicitly, including cost and data-flow expectations, or remove the Meshy steps and align the workflow with the declared Tripo/Replicate credential.
Running the batch example without checking the image list and pricing could consume credits, create charges, or upload more product images than intended.
The skill documents a parallel batch submission loop. This is related to the image-to-3D purpose, but it can submit multiple paid API jobs and upload multiple image URLs if run as written.
for img in "${images[@]}"; do
curl -X POST "https://api.meshy.ai/v2/image-to-3d" \
-H "Authorization: Bearer $MESHY_API_KEY" ... &
doneUse batch mode only with explicit user confirmation, reviewed image inputs, provider choice, rate limits, and cost limits.