CPA GPT Image 2

v1.0.0

Use a text model such as gpt-5.4 with the image_generation tool over an OpenAI-compatible /v1/responses endpoint, matching the CPA blog example. Do not call...

⭐ 0· 13·0 current·0 all-time

by@shiftshen

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for shiftshen/cpa-gpt-image-2.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "CPA GPT Image 2" (shiftshen/cpa-gpt-image-2) from ClawHub.
Skill page: https://clawhub.ai/shiftshen/cpa-gpt-image-2
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install shiftshen/cpa-gpt-image-2

ClawHub CLI

Package manager switcher

npx clawhub@latest install cpa-gpt-image-2

Security Scan

Capability signals

Requires sensitive credentials

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The SKILL.md description and the included Python script implement the advertised pattern (POST /v1/responses with an image_generation tool, retries, SSE parsing, etc.). The required network access and API keys (IMAGE_GEN_BASE_URL / IMAGE_GEN_KEY or equivalent) are coherent with image-generation functionality. However, the skill also attempts to read OpenClaw provider defaults from a file in the user's home (openclaw/agents/main/agent/models.json) and runs 'openclaw models status --json' to infer a default model. Those file/CLI accesses are not declared in the registry metadata, creating a capability/dependency mismatch.

ℹ

Instruction Scope

Runtime instructions stay within the expected domain (construct request, handle SSE/JSON, extract base64 image, write file). The bundled script reads environment variables and a local models.json and invokes the 'openclaw' CLI via os.popen for defaults — actions the SKILL.md documents in places but which broaden scope to filesystem and local CLI access. The skill does not instruct exfiltration beyond posting to the configured BASE_URL, nor does it send secrets to unexpected endpoints.

✓

Install Mechanism

No install spec; this is an instruction-only skill with a bundled script. Nothing is downloaded at install time, so there is no high-risk install mechanism present.

ℹ

Credentials

The environment variables the skill uses (BASE_URL/API_KEY variants, model selection vars, and optional header vars) are appropriate for contacting an image-generation endpoint. There are no unrelated credentials requested. That said, the skill reads a local OpenClaw models.json which may contain provider apiKey values — reading that file is a reasonable convenience for defaults but increases sensitivity and should be disclosed/understood by the user.

✓

Persistence & Privilege

The skill does not request persistent 'always' inclusion, does not modify other skills, and writes only the generated image file to the requested output path. It does read an OpenClaw config file but does not persist or alter agent configuration.

What to consider before installing

The skill appears to do what it claims (call a /v1/responses endpoint requesting the image_generation tool and write the returned base64 image to disk). Before installing or running it, confirm these points: 1) supply a trusted IMAGE_GEN_BASE_URL and IMAGE_GEN_KEY (or equivalent env vars) — the script will send those credentials to that endpoint; 2) be aware the script will try to read ~/openclaw/agents/main/agent/models.json and may run 'openclaw models status --json' to infer defaults; if you don't want that, provide explicit IMAGE_GEN_MODEL or IMAGE_GEN_BASE_URL/KEY; 3) the registry metadata does not list required env vars or the openclaw CLI dependency — treat that as an omission and ensure your environment is prepared and that the models.json does not contain sensitive tokens you don't want used; 4) run the script in a controlled environment first (no privileged context), and inspect or run the bundled generate_image.py manually to verify behavior. Providing explicit metadata (declared env vars/binaries) or removing the openclaw file/CLI fallback would increase confidence.

Like a lobster shell, security has layers — review code before you run it.

latestvk970yzymkspvtzskk6shjmarnh85ma1k

13downloads

0stars

1versions

Updated 5h ago

v1.0.0

MIT-0

cpa-gpt-image-2

Use this skill when image generation should go through the CPA blog pattern: a normal text model invokes the image_generation tool over a compatible /v1/responses endpoint.

What this skill does

sends a request to an OpenAI-compatible /v1/responses endpoint
matches the CPA blog example request shape closely
uses the image_generation tool
defaults to model gpt-5.4
prefers non-streaming mode by default for simpler and more stable parsing
can switch to streaming mode when needed
automatically retries short image rate-limit responses
automatically retries transient tools: [] text fallbacks from the gateway
keeps credentials in environment variables, never in the skill files

Important rule

Do not treat gpt-image-2 as the direct model on gateways that do not expose that model.

Correct pattern:

use a normal model such as gpt-5.4
pass tools: [{"type": "image_generation", "output_format": "png"}]
let the gateway/tool layer decide whether image generation is available

Wrong pattern for this gateway:

directly calling model gpt-image-2 when the provider does not publish that model

Default environment resolution

The script resolves credentials in this order.

Base URL:

IMAGE_GEN_BASE_URL
OTCBOT_BASE_URL
CPA_BASE_URL
OPENAI_BASE_URL
fallback to OpenClaw models.json otcbot provider baseUrl

API key:

IMAGE_GEN_KEY
OTCBOT_API_KEY
CPA_API_KEY
OPENAI_API_KEY
fallback to OpenClaw models.json otcbot provider apiKey

Model default:

IMAGE_GEN_MODEL
OTCBOT_IMAGE_MODEL
CPA_MODEL
fallback to current OpenClaw image/default model
final fallback: gpt-5.4

Optional:

IMAGE_GEN_OUTPUT_FORMAT — default png
CPA_SESSION_ID — session id header value, default test-session
CPA_USER_AGENT — custom user-agent header
CPA_VERSION — request header version, default 0.122.0
CPA_ORIGINATOR — request header originator, default codex_cli_rs

The script calls:

${BASE_URL%/}/v1/responses

Default execution path

Use the bundled script:

python3 skills/cpa-gpt-image-2/scripts/generate_image.py \
  --prompt "画一只可爱的松鼠" \
  --output /tmp/squirrel.png \
  --model gpt-5.4

Recommended env contract:

export IMAGE_GEN_BASE_URL='http://192.168.10.8:8317/v1'
export IMAGE_GEN_KEY='sk-xxxx'
export IMAGE_GEN_MODEL='gpt-5.4'

Override model when needed:

python3 skills/cpa-gpt-image-2/scripts/generate_image.py \
  --prompt "a cinematic fox detective in Bangkok neon rain" \
  --output /tmp/fox.png \
  --model gpt-5.4 \
  --format png

Expected behavior

The script:

reads credentials from env or OpenClaw otcbot defaults
POSTs to /v1/responses
sends codex-style headers: user-agent, version, originator, session_id
requests the image_generation tool, defaulting to stream: false
parses normal JSON, or SSE data: payloads when streaming is enabled
auto-retries short rate_limit_exceeded image responses when the server provides a retry delay
auto-retries transient gateway fallbacks where the tool list comes back empty and the response degrades to text
extracts the first base64 image from the response
writes the file to the requested output path

Fallback curl patterns

Preferred non-streaming version:

curl --location "$IMAGE_GEN_BASE_URL/responses" \
  --header "Authorization: Bearer $IMAGE_GEN_KEY" \
  --header "Content-Type: application/json" \
  --data '{
    "model": "gpt-5.4",
    "input": "画一只可爱的松鼠",
    "tools": [
      {
        "type": "image_generation",
        "output_format": "png"
      }
    ],
    "instructions": "you are a helpful assistant",
    "tool_choice": "auto",
    "stream": false,
    "store": false
  }'

Streaming version when needed:

curl --location "$IMAGE_GEN_BASE_URL/responses" \
  --header "Authorization: Bearer $IMAGE_GEN_KEY" \
  --header "user-agent: ${CPA_USER_AGENT:-codex-tui/0.122.0 (Manjaro 26.1.0-pre; x86_64) vscode/3.0.12 (codex-tui; 0.122.0)}" \
  --header "version: ${CPA_VERSION:-0.122.0}" \
  --header "originator: ${CPA_ORIGINATOR:-codex_cli_rs}" \
  --header "session_id: ${CPA_SESSION_ID:-test-session}" \
  --header 'accept: text/event-stream' \
  --header 'Content-Type: application/json' \
  --data '{
    "model": "gpt-5.4",
    "input": "画一只可爱的松鼠",
    "tools": [
      {
        "type": "image_generation",
        "output_format": "png"
      }
    ],
    "instructions": "you are a helpful assistant",
    "tool_choice": "auto",
    "stream": true,
    "store": false
  }'

Notes

Prefer the bundled script for repeatability.
Do not hardcode live keys, base URLs, or session ids into workspace docs.
This skill intentionally mirrors the CPA blog example request shape as closely as practical.
On this gateway, prefer gpt-5.4 plus image_generation tool instead of direct gpt-image-2 model calls.
For the known local otcbot endpoint, prefer setting OTCBOT_BASE_URL and OTCBOT_API_KEY explicitly when testing.
If the endpoint returns provider-specific SSE events, extend the SSE parser instead of changing the whole request shape.
If the user asks to send the generated file back in the current chat, use the normal file-delivery flow after generation.

Comments

Loading comments...