xAI Image Generator

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill’s purpose is coherent, but its declared main program is missing from the reviewed package while the skill requires an xAI API key, so users would be relying on unavailable or unreviewed code.

Only proceed if you can review the missing xai-gen executable from a trusted source. If you use the skill, use a limited xAI API key, remember prompts and generated-image requests go to xAI and may incur charges, and avoid persisting the key in shell startup files unless necessary.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill may not work as documented, or a user may fetch or run an unreviewed executable that handles their xAI API key.

Why it was flagged

The package declares xai-gen as the main executable and the docs/tests call it, but the supplied file manifest does not include an xai-gen file. The implementation that would handle API calls, file writes, and the API key is therefore missing from review.

Skill content

"main": "xai-gen"

Recommendation

Do not install or run it until the xai-gen executable is included in the reviewed package or obtained from a trusted source; inspect that file before providing credentials.

What this means

The skill can use your xAI account and may consume API credits; anyone who can read your shell profile may be able to see the key if you persist it there.

Why it was flagged

The skill requires an xAI API credential and recommends optionally persisting it in a shell profile. This is expected for an xAI image-generation wrapper, but it grants account/API access and stores the key in plaintext if the persistence step is used.

Skill content

export XAI_API_KEY="your-api-key-here" ... echo 'export XAI_API_KEY="your-api-key-here"' >> ~/.bashrc

Recommendation

Use a dedicated or limited xAI API key, avoid placing secrets in prompts, and only persist the key in your shell profile if you are comfortable with the local exposure.