ClawHub

Caricature Portrait Generator

v1.0.0

Generate hilarious AI caricature portraits with exaggerated features — turn any description into a funny caricature, cartoon portrait, or comic likeness. Per...

0· 31·0 current·0 all-time
by@omactiengartelle
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the code and README: the script posts a prompt to api.talesofai.com (Neta) to generate images. There are no unrelated credentials, cloud services, or binaries requested.
Instruction Scope
SKILL.md and README simply instruct running the Node script with a Neta token and optional flags (size, ref). The runtime instructions do not ask the agent to read arbitrary files, environment variables, or contact other endpoints beyond the stated API.
Install Mechanism
No install spec is provided (instruction-only install), and the bundle contains a small Node script and package.json. There are no downloads from untrusted URLs or extract/execute steps.
Credentials
No environment variables are declared in metadata, and the script expects a token via the --token CLI flag. That is proportionate to the stated purpose, but the registry metadata does not advertise the required credential (token) as a required env var — the token is passed on the command line instead of an env var.
Persistence & Privilege
always is false, the skill does not request persistent system-level privileges or modify other skills/configs. It only issues outbound HTTPS requests to the image API.
Assessment
This skill appears coherent and implements a straightforward client for Neta/api.talesofai.com. Before installing: (1) Obtain your Neta token from the official site and verify you trust that provider and its privacy/usage terms. (2) Note the script expects the token as a --token command-line argument; passing secrets on the command line can expose them to other users via process listings on multiuser systems — prefer using a secure mechanism (temporarily set a protected env var or use a wrapper) if that matters. (3) Review any prompts you send — images and text prompts are transmitted to the external API. (4) If you need stronger assurance, run the script in a sandbox or inspect network traffic to confirm it only talks to the stated API endpoints (api.talesofai.com).

Like a lobster shell, security has layers — review code before you run it.

latestvk977ge5jeery7a3nm6trrpn1nh8472m7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments