ClawHub

Movie Poster Generator

v1.0.1

Create stunning AI movie posters, film posters, and cinema artwork. Generate professional movie poster designs, event posters, fan-made film posters, and the...

0· 64·0 current·0 all-time
by@omactiengartelle
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description claim AI movie-poster generation via the Neta API; the included script posts prompts to https://api.talesofai.com and polls for a resulting image URL. The requested inputs (prompt, size, optional reference UUID, and an API token) are appropriate and proportionate to the stated purpose.
Instruction Scope
SKILL.md instructs running the provided Node script with a --token flag. The runtime instructions and script only read CLI args, call the external image API, poll for results, and print the image URL. The skill does not read local files, environment variables, or unrelated system state, nor does it exfiltrate data to endpoints outside the stated API.
Install Mechanism
No install spec is provided (instruction-only with an included script). The package.json has no dependencies and the script uses built-in fetch (Node 18+). Nothing is downloaded from arbitrary URLs or installed into system paths.
Credentials
No environment variables are declared in registry metadata; instead the script requires a per-run API token passed via --token. This is reasonable but worth noting: passing secrets on the command line can leak to shell history, process lists, or shared logs. No other credentials or unrelated secrets are requested.
Persistence & Privilege
Skill does not request persistent/system-level privileges, does not set always:true, and does not modify other skills or system-wide configuration. Autonomous invocation (disable-model-invocation: false) is default and not, by itself, a concern here.
Assessment
This skill appears coherent and limited to calling the Neta/TalesOfAI image API. Before installing, verify you trust https://api.talesofai.com / neta.art and obtain a token from the official site. Prefer not to pass long‑lived or sensitive tokens on the command line (they can appear in shell history and process lists); if possible use ephemeral or scoped tokens and avoid sharing command logs. Review the service's privacy/usage terms if you will send sensitive prompts. If you need higher assurance, run the script in an isolated environment and inspect network traffic to confirm it only talks to the expected API endpoints.

Like a lobster shell, security has layers — review code before you run it.

latestvk977kfcq0cbnqhdh7geb8nrm6984qs2p

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments