ClawHub

SeaArt Image Generator

v1.0.0

Use this skill to generate AI images using the SeaArt platform (seaart.ai). Supports text-to-image generation with multiple models, custom dimensions, LoRA m...

0· 37·0 current·0 all-time
by@seaartpublic
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill needs a SeaArt session token (the T cookie) and a Python runtime; the included script calls SeaArt APIs (text-to-img and batch-progress). These requirements match the described functionality.
Instruction Scope
SKILL.md instructs the agent to check the SEAART_TOKEN env var, guide the user to extract the T cookie from browser DevTools, and persist it via /update-config. This is expected for a web-account-based integration, but there is a minor inconsistency in the doc about the default model (the top of the doc lists SeaArt Infinity as default, another spot mentions a different default). The instructions do not ask the agent to read unrelated files or exfiltrate data to other endpoints.
Install Mechanism
No install spec; this is instruction-only with a provided Python script. It relies on standard Python and requests. No downloads from arbitrary URLs or archive extraction are present.
Credentials
The only sensitive environment value used is SEAART_TOKEN (the T cookie), which is proportionate to the skill's purpose. Registry metadata shows an unclear 'Required env vars: [object Object]' entry (parser glitch) but SKILL.md and the script clearly declare and use SEAART_TOKEN as the primary secret.
Persistence & Privilege
The skill recommends persisting SEAART_TOKEN in the agent config via /update-config so the agent can use it later. Persisting an account token is normal for convenience but increases the impact if the agent config is accessible — users should ensure the agent config is stored securely. The skill does not request 'always: true' or modify other skills.
Scan Findings in Context
[no_static_scan_findings] expected: The pre-scan reported no injection findings. The included script makes POST requests to https://www.seaart.ai/api/v1/task/v2/text-to-img and https://www.seaart.ai/api/v1/task/batch-progress, which is expected for this skill.
Assessment
This skill appears to do what it says: it needs your SeaArt session token (the 'T' cookie) and uses it to call seaart.ai to generate images. Before installing: (1) only provide the SEAART_TOKEN if you trust this skill and you understand it will be stored in your agent config; (2) consider creating and using a dedicated SeaArt account or token with limited usage if possible; (3) protect the agent config file (it will contain the token) and avoid pasting the token into chat; (4) confirm the small documentation mismatch about the default model with the author if model defaults matter to you. If you are uncomfortable persisting a browser cookie as an env var, do not install or grant the token.

Like a lobster shell, security has layers — review code before you run it.

latestvk972s8snjqrrpb9yyhw63ps8898402np

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Env[object Object]

Comments