Grok Imagine Image Pro
PassAudited by ClawScan on May 1, 2026.
Overview
This skill is coherent for xAI image generation/editing, with expected use of an API key, network calls, local image files, and optional Telegram sending.
This looks safe for its stated purpose. Before installing, confirm you want the agent to use your xAI API key, send prompts and source images to xAI, save generated files under ~/.openclaw/media, and optionally send images to Telegram recipients you specify.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may run local commands to contact xAI and create PNG files when the user asks for image generation or editing.
The skill relies on shell commands using curl and python3 to call the image API and decode/save results. This is central to the skill purpose and is clearly shown, but it is still local command execution.
curl -s https://api.x.ai/v1/images/generations ... | python3 -c
Use it for intended image tasks only, and review prompts/source paths before running edits or batch generations.
Requests made through the skill use the configured xAI account and may consume quota or incur provider-side usage costs.
The skill uses an xAI API key to authenticate image-generation requests. This is expected for the stated xAI integration and no artifact shows unrelated credential use or logging.
API Key: `$XAI_API_KEY` ... -H "Authorization: Bearer $XAI_API_KEY"
Make sure the XAI_API_KEY is intended for this use and monitor provider usage or billing as appropriate.
Source images and text prompts may leave the local environment and be processed by xAI; generated images may also be optionally sent through Telegram if the user uses that workflow.
For image editing, the skill base64-encodes a local source image and sends it to the xAI API. The external provider flow is disclosed and purpose-aligned, but it can include private image content.
"image_url": f'data:image/png;base64,{b64}' ... curl -s https://api.x.ai/v1/images/generationsAvoid using sensitive images or prompts unless you are comfortable sharing them with the provider and any selected Telegram recipient.