ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Filtrix Image Gen

Generate and edit images through Filtrix Remote MCP. Use when users ask to create images or refine existing ones. Supports gpt-image-1, nano-banana, and nano...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 325 · 2 current installs · 2 all-time installs
by@lumenclaw-cloud
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill name/description match the included scripts and MCP usage: both generate and edit images via a Filtrix MCP endpoint. However the registry metadata lists no required environment variables or primary credential, while SKILL.md and the scripts clearly require an API key (FILTRIX_MCP_API_KEY). This mismatch is inconsistent and should be corrected.
Instruction Scope
SKILL.md and the scripts limit behavior to calling the Filtrix MCP endpoint and downloading returned images or user-provided image URLs. The scripts read local image files when provided, base64-encode them, send them to the MCP endpoint, and write result images to /tmp (or a user-specified path). The scripts also accept an undocumented fallback env var (MCP_API_KEY). No instructions attempt to read unrelated system files or other credentials, but the acceptance of arbitrary input image URLs means user-provided URLs (and image contents) will be retrieved and transmitted to the remote MCP service—consider privacy implications.
Install Mechanism
No install spec; code is included as plain Python scripts. This is the lower-risk model (nothing is automatically fetched or executed at install time), but you still run the bundled scripts locally which will make outbound network calls.
!
Credentials
The runtime requires a Filtrix API key (FILTRIX_MCP_API_KEY) but the registry metadata omitted this. The scripts also accept MCP_API_KEY as an undocumented alias. Requesting a single service API key is proportionate for this functionality, but the metadata mismatch and undocumented fallback increase the risk of accidental credential exposure or misconfiguration.
Persistence & Privilege
The skill is not always-enabled, does not request unusual system privileges, and does not modify other skills or global agent settings. It runs only when invoked and writes output files to user-specified paths (default /tmp).
What to consider before installing
Before installing or using this skill: (1) don't set or expose your Filtrix API key globally until you trust the source—the SKILL.md requires FILTRIX_MCP_API_KEY but the registry metadata omits it; verify which env var your deployment will inject. (2) Note the scripts also accept an undocumented MCP_API_KEY fallback—ask the author to document/fix this. (3) Running the scripts will send images (including anything you pass via --image-path or --image-url) to https://mcp.filtrix.ai/mcp and will download returned signed URLs; avoid sending sensitive images unless you trust Filtrix. (4) The package contains plain Python scripts (no install fetches), so inspect them or run them in a sandboxed environment and monitor network/credential usage. (5) Ask the publisher to correct the registry metadata to declare the required env var (FILTRIX_MCP_API_KEY) and clarify the MCP_API_KEY fallback before trusting the skill.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.2
Download zip
latestvk977qzzkxet9ac8npqjznvgtdh82pmhy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Filtrix Image Gen (MCP)

This skill is MCP-only.

  • Endpoint: https://mcp.filtrix.ai/mcp
  • Auth: Authorization: Bearer <FILTRIX_MCP_API_KEY>
  • Primary tools:
    • generate_image_text
    • edit_image_text
    • get_account_credits

Available MCP tools:

  • get_account_credits
  • generate_image_text
  • edit_image_text

Setup

Required:

  • FILTRIX_MCP_API_KEY

Optional:

  • FILTRIX_MCP_URL (default: https://mcp.filtrix.ai/mcp)

Generate

python scripts/generate.py \
  --prompt "..." \
  [--mode gpt-image-1|nano-banana|nano-banana-2] \
  [--size 1024x1024|1536x1024|1024x1536|auto] \
  [--resolution 1K|2K|4K] \
  [--search-mode] \
  [--enhance-mode] \
  [--idempotency-key KEY] \
  [--output PATH]

Edit

Use this when user wants iterative refinement, style transfer, background changes, object replacement, etc.

python scripts/edit.py \
  --prompt "make the sky sunset orange and add volumetric light" \
  (--image-path /path/to/input.png | --image-url https://...) \
  [--mode gpt-image-1|nano-banana|nano-banana-2] \
  [--size 1024x1024|1536x1024|1024x1536|auto] \
  [--resolution 1K|2K|4K] \
  [--search-mode] \
  [--enhance-mode] \
  [--idempotency-key KEY] \
  [--output PATH]

Mode Mapping

  • gpt-image-1: general quality route
  • nano-banana: fast generation route
  • nano-banana-2: advanced generation route

Recommended Workflow

  1. First pass with generate_image_text (scripts/generate.py).
  2. Use edit_image_text (scripts/edit.py) for targeted changes.
  3. Use a new idempotency_key for each new edit intent.

Idempotency

idempotency_key prevents duplicate billing on retries. If omitted, scripts auto-generate one UUID-based key.

References

Files

8 total
Select a file
Select a file to preview.

Comments

Loading comments…