ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

智谱CogView模型图片生成

v1.0.1

使用智谱AI的CogView模型生成图片。当用户想要AI生成图片时使用此技能,支持中文提示词自动翻译为英文,支持自定义图片尺寸。在首次使用时需要用户配置智谱API密钥。

0· 92·0 current·0 all-time
by代码工坊实验室@yzh-q

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for yzh-q/cogview-image-gen.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "智谱CogView模型图片生成" (yzh-q/cogview-image-gen) from ClawHub.
Skill page: https://clawhub.ai/yzh-q/cogview-image-gen
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install cogview-image-gen

ClawHub CLI

Package manager switcher

npx clawhub@latest install cogview-image-gen
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The SKILL.md describes using the Zhipu (open.bigmodel.cn) CogView model and asks the user to provide an API key, which is coherent with the stated purpose. However, the skill metadata lists no required env vars or primary credential even though the instructions explicitly require configuring an API key. Additionally, the doc instructs running 'scripts/generate_image.ps1' yet the package contains no code files or script — a direct mismatch between claimed capabilities and provided artifacts.
!
Instruction Scope
The instructions say the agent will translate prompts and call the CogView model, but they do not include the HTTP/API call details; instead they point to a local PowerShell script ('scripts/generate_image.ps1') that is not present. That makes the runtime behavior vague and grants the agent broad discretion to implement network calls or run arbitrary commands to satisfy the instructions. The SKILL.md also describes checking/storing an API key on first use but gives no specifics about where/how the key is stored or protected.
Install Mechanism
This is an instruction-only skill with no install spec and no code to write to disk. That is the lowest-risk install model — there is nothing in the manifest that automatically downloads or executes external code.
!
Credentials
The skill logically requires a Zhipu API key to call open.bigmodel.cn, but the registry metadata declares no required env vars or primary credential. The SKILL.md says it will prompt the user for an API key on first use but does not justify why the key isn't declared in requires.env nor explain where the key is stored. This mismatch makes it unclear how credentials are handled and whether they might be exposed or mishandled.
Persistence & Privilege
The skill does not request always:true or other elevated persistence. It is user-invocable and allowed to be invoked autonomously (default), which is normal. There is no evidence it modifies other skills or system-wide settings.
What to consider before installing
This skill's purpose (generate images via Zhipu/CogView) is plausible, but the package is incomplete and inconsistent. Before installing or using it, ask the author to: (1) include the referenced scripts (scripts/generate_image.ps1) or provide exact API call examples; (2) explicitly declare the required credential (e.g., ZHIPU_API_KEY) in the metadata and explain how/where the key will be stored and protected; (3) show the code or request a code review so you can verify it only calls open.bigmodel.cn and does not exfiltrate your key elsewhere. Do not paste your API key into untrusted chat windows; if you must enter it, prefer entering it into a secure agent credential store rather than into the skill's free-form prompt. If the author cannot provide the missing script or clear credential handling, treat this skill as incomplete and avoid using it.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a28yh3dgeyy730kzqcdk5qn84ba7q
92downloads
0stars
2versions
Updated 3w ago
v1.0.1
MIT-0
代码工坊实验室@yzh-q
latest
Download

智谱AI图片生成

首次使用配置

首次使用时会检查是否存在API密钥配置。如果不存在,会提示用户输入智谱API密钥。

API密钥获取方式:

  1. 访问 https://open.bigmodel.cn/
  2. 注册/登录账号
  3. 在控制台获取API密钥

图片生成

基本用法

直接告诉AI你想生成什么样的图片,AI会自动:

  1. 将中文提示词翻译成英文
  2. 调用智谱CogView-3-Flash模型生成图片
  3. 返回生成的图片给你

支持的尺寸

  • 1024x1024(默认)
  • 768x768
  • 512x512
  • 1024x768(横版)
  • 768x1024(竖版)

调用方式

使用 scripts/generate_image.ps1 脚本:

# 基本调用
& "scripts/generate_image.ps1" -Prompt "a cute cat"

# 指定尺寸
& "scripts/generate_image.ps1" -Prompt "a cute cat" -Size "1024x768"

注意事项

  • 使用免费的CogView-3-Flash模型
  • 生成的图片URL有效期约24小时
  • 如遇401错误,请检查API密钥是否有效

Comments

Loading comments...