Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AI Image Gen

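AI image generation and editing. Supports text-to-image, image-plus-text-to-image, and style transfer. Use this skill when the user asks to draw, generate an image, edit an image, or convert an image's style. Supports multiple aspect ratios (1:1, 3:2, 16:9, 21:9, etc.) and resolutions (standard, 2K, 4K).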

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 891 · 5 current installs · 6 all-time installs
by Nick Qiu (@qiujiahong)
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The skill claims to perform AI image generation (Gemini Flash Image) and the included script implements that. However, the registry metadata declares no required environment variables or credentials while both SKILL.md and the script expect IMAGE_GEN_API_KEY and IMAGE_GEN_BASE_URL — a mismatch in declared requirements. Also the default BASE_URL (https://code.newcli.com/gemini) and README recommendation (FoxCode affiliate link) are not the official Google endpoints referenced by the 'Gemini' name, which is a provenance/clarity concern.
Instruction Scope
SKILL.md instructs the agent to set two env vars and run scripts/generate_image.py with a prompt and optional args. The runtime instructions are narrowly scoped to preparing a prompt, calling the API, and saving the returned image; they do not direct the agent to read unrelated files, system secrets, or other environment variables.
Install Mechanism
This is an instruction-only skill with one included script; there is no install spec, no downloads, and no archive extraction. Nothing is written to disk by an installer beyond the skill files already present.
! Credentials
The script legitimately needs an API key and base URL for the image service, but those env vars are not listed in the registry metadata. The default base URL is a non-official host (code.newcli.com) and README pushes a third-party FoxCode service via an affiliate link; using the recommended flow could result in your API key and base URL being issued by or sent to a third party. The script sends the API key in a header (x-goog-api-key) to whatever BASE_URL is configured, so a malicious or misconfigured BASE_URL could receive your key.
Persistence & Privilege
The skill does not request persistent privileges (always:false), does not modify other skills or system-wide settings, and will not run autonomously beyond normal agent invocation controls.
What to consider before installing
Key points before installing or using this skill:

  • The script expects IMAGE_GEN_API_KEY and IMAGE_GEN_BASE_URL even though the registry metadata omitted them — you will need to supply these env vars.
  • The default/base URLs in the code and README are not the official Google endpoints; README promotes a third-party service (foxcode.rjj.cc) via an affiliate link. If you point IMAGE_GEN_BASE_URL to an untrusted host, your API key will be sent there (header x-goog-api-key).
  • If you intend to use a trusted provider, set IMAGE_GEN_BASE_URL explicitly to that provider's documented API endpoint. Do not use API keys issued by unknown middlemen unless you trust them.
  • Prefer testing with a restricted or disposable key and minimal permissions. Monitor network calls (or run in an isolated environment) until you confirm the endpoint behavior.
  • If provenance matters, ask the maintainer for the upstream/source of the backend (why it references 'Gemini' but uses code.newcli.com) and for an explanation of the FoxCode referral. If the author cannot explain or provide an official endpoint, treat the provider as untrusted.
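The concern above, that the key goes to whatever IMAGE_GEN_BASE_URL names, can be enforced by checking the destination before the x-goog-api-key header is built. The following is an added example, not part of the skill's scripts/generate_image.py; the function names and the allowlisted host api.trusted-provider.example are placeholders chosen for illustration.

```python
import os
from urllib.parse import urlsplit

# Hypothetical allowlist: hosts the operator has decided to trust with the key.
TRUSTED_HOSTS = frozenset({"api.trusted-provider.example"})


def check_base_url(base_url, trusted_hosts=TRUSTED_HOSTS):
    """Return the reasons the key must not be sent to base_url (empty list = OK)."""
    problems = []
    try:
        parts = urlsplit(base_url)
        host = (parts.hostname or "").rstrip(".").lower()
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return ["URL does not parse"]
    if parts.scheme != "https":
        problems.append("scheme is not https; the key would travel in cleartext")
    if parts.username is not None or parts.password is not None:
        problems.append("URL carries userinfo; the real host is what follows '@'")
    if port not in (None, 443):
        problems.append(f"unexpected port {port}")
    # Exact match only: suffix or substring tests accept look-alike hosts.
    if host not in trusted_hosts:
        problems.append(f"host {host!r} is not in the trusted list")
    return problems


def headers_for(base_url, api_key, trusted_hosts=TRUSTED_HOSTS):
    """Build the x-goog-api-key header only after the destination passes."""
    problems = check_base_url(base_url, trusted_hosts)
    if problems:
        raise ValueError("refusing to send API key: " + "; ".join(problems))
    return {"x-goog-api-key": api_key}


if __name__ == "__main__":
    # Report on the value the skill would actually use.
    url = os.environ.get("IMAGE_GEN_BASE_URL", "")
    for line in check_base_url(url) or ["destination accepted"]:
        print(line)
```

Run it with IMAGE_GEN_BASE_URL exported as in the skill's instructions; any printed reason means the key should not be exported alongside that URL.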

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.1.0
latestvk97bf1kmrnq9cemvbqj1yw7xhh82g234

SKILL.md

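AI Image Generation

Generates images by running a script that calls the Gemini Flash Image API.

Environment variables

The script reads its API configuration from the following environment variables:

Usage

Generating an image

Run the script to generate an image: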

export IMAGE_GEN_API_KEY="your-api-key"
export IMAGE_GEN_BASE_URL="https://code.newcli.com/gemini"

python3 scripts/generate_image.py "你的提示词" --model gemini-3.1-flash-image-2k-16x9 --output output.png

Parameters

  • prompt (required): the image description prompt
  • --model, -m: model name; default gemini-3.1-flash-image-2k-16x9
  • --output, -o: output file path; default generated_image.png in the current directory

Available models

Default model: gemini-3.1-flash-image-2k-16x9 (2K resolution, 16:9 landscape)

Base models (standard resolution)

| Model ID | Ratio | Typical use |
|---|---|---|
| gemini-3.1-flash-image | 1:1 | Social media avatars |
| gemini-3.1-flash-image-3x2 | 3:2 | Landscape photos |
| gemini-3.1-flash-image-2x3 | 2:3 | Portrait posters |
| gemini-3.1-flash-image-3x4 | 3:4 | Portrait posters |
| gemini-3.1-flash-image-4x3 | 4:3 | Traditional ratio |
| gemini-3.1-flash-image-4x5 | 4:5 | Instagram |
| gemini-3.1-flash-image-5x4 | 5:4 | Traditional landscape |
| gemini-3.1-flash-image-9x16 | 9:16 | Phone wallpapers / short videos |
| gemini-3.1-flash-image-16x9 | 16:9 | Desktop wallpapers / video |
| gemini-3.1-flash-image-21x9 | 21:9 | Ultrawide screens |

2K resolution (recommended)

| Model ID | Ratio |
|---|---|
| gemini-3.1-flash-image-2k | 1:1 |
| gemini-3.1-flash-image-2k-3x2 | 3:2 |
| gemini-3.1-flash-image-2k-2x3 | 2:3 |
| gemini-3.1-flash-image-2k-3x4 | 3:4 |
| gemini-3.1-flash-image-2k-4x3 | 4:3 |
| gemini-3.1-flash-image-2k-4x5 | 4:5 |
| gemini-3.1-flash-image-2k-5x4 | 5:4 |
| gemini-3.1-flash-image-2k-9x16 | 9:16 |
| gemini-3.1-flash-image-2k-16x9 | 16:9 |
| gemini-3.1-flash-image-2k-21x9 | 21:9 |

4K resolution

| Model ID | Ratio |
|---|---|
| gemini-3.1-flash-image-4k | 1:1 |
| gemini-3.1-flash-image-4k-3x2 | 3:2 |
| gemini-3.1-flash-image-4k-2x3 | 2:3 |
| gemini-3.1-flash-image-4k-3x4 | 3:4 |
| gemini-3.1-flash-image-4k-4x3 | 4:3 |
| gemini-3.1-flash-image-4k-4x5 | 4:5 |
| gemini-3.1-flash-image-4k-5x4 | 5:4 |
| gemini-3.1-flash-image-4k-9x16 | 9:16 |
| gemini-3.1-flash-image-4k-16x9 | 16:9 |

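Workflow

  1. Understand the request: analyze the user's image requirements and determine the aspect ratio and resolution
  2. Choose a model: pick a suitable model for the intended use (default 2K-16x9)
  3. Refine the prompt: expand the user's description into a detailed image prompt
  4. Run the script: call scripts/generate_image.py to generate the image
  5. Show the result: read the generated image and show it to the user

Prompt tips

  • Be specific: subject, scene, lighting, style, color tone
  • Style references: watercolor, oil painting, cyberpunk, Ghibli, photorealistic photography, Chinese gongbi, etc.
  • Composition: viewpoint (top-down / low-angle), depth of field, focus
  • Color: dominant color, color scheme

Example

Generate a Chinese-style image of Hou Yi shooting down the suns: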

python3 scripts/generate_image.py \
  "一位英勇的古代射手后羿站在险峻的高山之巅,身披金色战甲,肌肉紧绷,拉开巨大的神弓,一支燃烧着神圣光芒的箭矢对准天空中炽热的太阳。天空中有多个太阳同时燃烧,火焰倾泻而下。背景是翻滚的云海和龟裂的大地,远山在热浪中扭曲。中国传统工笔重彩风格,水墨与金箔点缀,色彩以深红、金色、墨黑、靛蓝为主,画面气势磅礴,具有敦煌壁画的厚重感。16:9 宽幅构图。" \
  --model gemini-3.1-flash-image-2k-16x9 \
  --output houyi.png

Files

3 total