ClawHub

Wuli Clawhub Publish 1.0.6

v1.0.6

Generate AI images and videos with 17+ active models via Wuli.art open platform API. Use when creating images from text prompts, editing images with one or m...

1· 358·0 current·0 all-time
byzihao chu@sir1st-inc
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Wuli image/video generation) match the declared requirements: a single API token (WULI_API_TOKEN) and Python3. The manifest, SKILL.md, and skill.py all target the wuli.art platform endpoints and functions (text→image, image edits, text→video, uploads, no-watermark downloads). Nothing in the package requests unrelated services or credentials.
Instruction Scope
SKILL.md and skill.py explicitly upload local files and re-upload remote URLs to Wuli's OSS before submitting tasks. This is expected for the stated purpose but has privacy implications: local files and any remote media URLs provided are transmitted to https://platform.wuli.art and to pre-signed OSS upload URLs. The code also downloads arbitrary remote URLs (when given) before re-uploading; if this skill is run from a machine with access to internal resources (e.g., a cloud-hosted agent), providing internal URLs could leak internal content. The manifest includes a privacy warning, which aligns with this behavior.
Install Mechanism
No install spec is provided (instruction-only runtime), and the included Python script uses only standard-library modules. No external downloads or package installs are performed by the skill itself, so there is low installation risk.
Credentials
Only one secret is required (WULI_API_TOKEN) and it is the primary credential used for Bearer auth to the stated API. The skill does not request unrelated environment variables or multiple unrelated credentials.
Persistence & Privilege
always is false and the skill does not request permanent platform-wide privileges. It does not modify other skills or system-wide agent config. Autonomous invocation is allowed (default) but not combined with other red flags.
Assessment
This skill appears to do what it claims, but it will upload any local files you give it (and it will download+re-upload any remote URLs) to Wuli.art. Do not use with sensitive or private files. Only provide a WULI_API_TOKEN you trust (preferably with limited billing/usage or a throwaway/test account if you're unsure), and rotate the token if it has been shared. If you run this skill from a cloud-hosted agent or CI environment, avoid passing URLs that point to internal services (to prevent accidental exfiltration). If you want extra assurance, review the included skill.py source yourself before use and verify the token’s scope and Wuli.art privacy/terms.

Like a lobster shell, security has layers — review code before you run it.

latestvk979k10a3gfc7kv6q2vb5mv1fn83h6mk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎨 Clawdis
OSLinux · macOS · Windows
Any binpython3
EnvWULI_API_TOKEN
Primary envWULI_API_TOKEN

Comments