Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Coze Image Skill

v1.0.0

Generate images using Coze AI platform. Supports text-to-image generation with automatic Base64 encoding for inline preview. Use when you need to create imag...


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for pgyppp/coze-image.

Prompt preview (Install & Setup):
Install the skill "Coze Image Skill" (pgyppp/coze-image) from ClawHub.
Skill page: https://clawhub.ai/pgyppp/coze-image
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: IMAGE_API_TOKEN, IMAGE_API_URL, IMAGE_API_PROJECT_ID, IMAGE_API_SESSION_ID, IMAGE_API_TIMEOUT
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install coze-image

ClawHub CLI


npx clawhub@latest install coze-image
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The code (scripts/coze_image_skill.py) implements text-to-image via a Coze SSE endpoint and returns Base64 images, which matches the skill's stated purpose. However, the published registry metadata stated 'no required env vars' while SKILL.md and the code require IMAGE_API_TOKEN (and default project/session IDs and an endpoint). Also, package.json lists a Python dependency ('requests') in a Node manifest, which is inconsistent and unnecessary for the declared Python implementation.
Instruction Scope
SKILL.md and the code instruct the agent to POST to a configurable SSE endpoint, parse SSE events, extract any HTTP URL found in arbitrary fields, then download that URL and convert it to Base64. Extracting and fetching arbitrary URLs from upstream text can lead to unexpected network fetches (including internal or private addresses if the SSE contains them). The instructions do not read local files or other env vars, but they do permit the skill to fetch arbitrary external resources returned by the upstream service.
Install Mechanism
There is no install spec (instruction-only), so nothing is automatically downloaded at install time, which lowers install risk. However, package.json includes 'autoUpdate': true and a dependency listed as 'requests' (a Python library) in a Node package manifest, which is inconsistent and may indicate sloppy packaging or confusion about install/update mechanisms.
Credentials
The skill reasonably needs an API token for the Coze service, which is declared in SKILL.md, but the registry metadata didn't mark any required env vars, an inconsistency. The SKILL.md and code also ship with hard-coded defaults for IMAGE_API_URL, IMAGE_API_PROJECT_ID, and IMAGE_API_SESSION_ID pointing at a specific third-party domain and IDs. Having a default endpoint baked in is risky: if users do not override it, the skill will make network requests to that host. Requiring only the API token would be proportional; shipping a default external endpoint and project/session IDs without explanation is concerning.
Persistence & Privilege
The skill does not request always:true and does not modify other skills' configuration. It can be invoked autonomously (default), which is normal for skills; nothing here elevates persistence or privilege beyond typical skill behavior.
What to consider before installing
This skill's code implements Coze text-to-image generation but contains a few red flags you should address before installing or using it with real credentials:

  • Do not rely on the default IMAGE_API_URL/project/session values. The default domain (https://6fj9k4p9x3.coze.site) and IDs are baked into the skill; if you don't override them, requests will go to that third-party host. Confirm the endpoint is legitimate or set your own.
  • Provide only a Coze API token dedicated to this use (avoid using tokens that grant broader access). The skill requires IMAGE_API_TOKEN; do not paste high-privilege or long-lived secrets unless you trust the endpoint.
  • The skill will download whatever URL it finds in the SSE response. This can lead to fetching attacker-controlled or internal-network URLs (SSRF/metadata access). Avoid running the skill in an environment where such fetches could reach sensitive internal services, or harden network egress rules.
  • The repository metadata is inconsistent (registry says no env vars required; SKILL.md/code require them) and package.json mixes Node metadata with a Python dependency. Treat this as sloppy packaging; consider reviewing and testing the Python script directly rather than trusting the package metadata.

If you want to proceed: inspect and, if appropriate, modify scripts/coze_image_skill.py to (a) remove or change the default IMAGE_API_URL to a known-good endpoint, (b) restrict URL extraction/validation to expected domains or paths, and (c) review how debug info (project/session IDs) is returned so you don't unintentionally leak identifiers. If you are unsure, don't install the skill, or test it in an isolated environment first.
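The scan's "Instruction Scope" finding and recommendation (b) above both come down to one control: never fetch a URL just because it appeared in upstream SSE text. The block below is an added example, not code from the skill or from ClawHub, of what that control looks like in Python: it parses an SSE body into events, pulls candidate URLs out of each event's JSON or plain-text payload, and then only keeps URLs that are https, carry no embedded credentials, sit on an operator-supplied host allow-list, and resolve to globally routable addresses. The allow-list hosts, the stand-in DNS table, and the sample SSE body are all constructed for the example; `socket.getaddrinfo` is the default resolver and is swapped for the fake one so the example runs offline.

```python
import ipaddress
import json
import re
import socket
from typing import Callable, Iterator
from urllib.parse import urlparse

# Hosts the operator expects images to come from. Constructed for this
# example; a real deployment would take these from its own configuration.
ALLOWED_HOSTS = {"cdn.example-coze.test", "internal.example-coze.test"}

# Constructed stand-in for DNS so the example runs offline. Returns the same
# shape as socket.getaddrinfo(): (family, type, proto, canonname, sockaddr).
_FAKE_DNS = {
    "cdn.example-coze.test": "8.8.8.8",        # public address: may be fetched
    "internal.example-coze.test": "10.0.0.5",  # RFC 1918: must be refused
}


def example_resolver(host: str, port: int):
    if host not in _FAKE_DNS:
        raise socket.gaierror(f"no such host: {host}")
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (_FAKE_DNS[host], port))]


URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def parse_sse(body: str) -> Iterator[str]:
    """Yield the joined `data:` payload of each event. Events end at a blank
    line; comment lines (leading ':') and other fields (event:, id:) are skipped."""
    data_lines: list[str] = []
    for line in body.splitlines():
        if line == "":
            if data_lines:
                yield "\n".join(data_lines)
                data_lines = []
            continue
        if line.startswith(":"):
            continue
        field, _, value = line.partition(":")
        if field == "data":
            data_lines.append(value[1:] if value.startswith(" ") else value)
    if data_lines:
        yield "\n".join(data_lines)


def extract_urls(payload: str) -> list[str]:
    """Collect http(s) URLs from every string in the payload, walking JSON
    recursively when it parses and falling back to a regex over raw text."""
    found: list[str] = []

    def walk(node) -> None:
        if isinstance(node, dict):
            for value in node.values():
                walk(value)
        elif isinstance(node, list):
            for value in node:
                walk(value)
        elif isinstance(node, str):
            found.extend(URL_RE.findall(node))

    try:
        walk(json.loads(payload))
    except ValueError:
        found.extend(URL_RE.findall(payload))
    return found


def is_safe_url(url: str, allowed_hosts: set[str],
                resolve: Callable = socket.getaddrinfo) -> bool:
    """Fail closed: https on 443 only, no user:pass@ in the authority, host on
    the allow-list, and every resolved address globally routable (so loopback,
    RFC 1918 and link-local such as 169.254.169.254 are all refused)."""
    parts = urlparse(url)
    if parts.scheme != "https" or parts.username or parts.password:
        return False
    try:
        if parts.port not in (None, 443):
            return False
    except ValueError:  # malformed port
        return False
    host = (parts.hostname or "").lower()
    if host not in allowed_hosts:
        return False
    try:
        infos = resolve(host, 443)
    except OSError:
        return False
    for info in infos:
        addr = info[4][0].split("%")[0]  # strip an IPv6 scope id if present
        if not ipaddress.ip_address(addr).is_global:
            return False
    return bool(infos)


def safe_image_urls(sse_body: str, allowed_hosts: set[str],
                    resolve: Callable = socket.getaddrinfo) -> list[str]:
    """URLs in the SSE body that pass is_safe_url, in order of appearance."""
    candidates = [u for event in parse_sse(sse_body) for u in extract_urls(event)]
    return [u for u in candidates if is_safe_url(u, allowed_hosts, resolve)]


# Constructed SSE body: one legitimate image URL, a link-local metadata URL,
# an unlisted host, and a listed host that resolves to a private address.
SSE_SAMPLE = (
    "event: message\n"
    'data: {"type":"answer","content":"Here is your image: '
    'https://cdn.example-coze.test/img/1.jpg"}\n'
    "\n"
    ": keep-alive\n"
    "event: message\n"
    'data: {"type":"answer","content":"debug http://169.254.169.254/latest/meta-data/ '
    'and https://evil.test/x.jpg"}\n'
    "\n"
    "data: plain text with https://internal.example-coze.test/secret.png\n"
    "\n"
)

if __name__ == "__main__":
    print(safe_image_urls(SSE_SAMPLE, ALLOWED_HOSTS, example_resolver))
```

Run against the sample, only `https://cdn.example-coze.test/img/1.jpg` survives. The resolution check still leaves a window between checking and connecting (DNS rebinding), so in production pair it with an HTTP client that connects to the address it just validated, or with egress filtering at the network layer as the scan suggests.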

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Environment variables

  • IMAGE_API_TOKEN (required): Coze API authentication token
  • IMAGE_API_URL: Coze stream_run endpoint
  • IMAGE_API_PROJECT_ID: Coze project ID
  • IMAGE_API_SESSION_ID: Coze session ID
  • IMAGE_API_TIMEOUT: Request timeout in seconds

Tags: ai, coze, image, latest

88 downloads · 0 stars · 1 version · Updated 1mo ago · v1.0.0 · MIT-0

Coze Image Generation Skill

Generate images from text prompts using the Coze AI platform. This skill handles the complete workflow: submitting prompts, parsing SSE responses, downloading images, and returning Base64-encoded data URIs for inline display.

Usage

Basic Usage

from coze_image_skill import run

result = run({
    "text": "a cute kitten, fluffy, with big eyes, sitting on a windowsill",
    "api_token": "your_coze_api_token"
})

# Result contains:
# - image: data:image/jpeg;base64,... (inline Base64)
# - mime_type: image/jpeg
# - filename: generated-image.jpeg
# - source_url: original image URL

With Custom Configuration

result = run({
    "prompt": "a cute orange cat playing on grass, sunny day",
    "api_token": "your_token",
    "project_id": "your_project_id",
    "session_id": "your_session_id",
    "timeout": 90,
    "include_debug": True
})

Environment Variables

Set these in your OpenClaw configuration or .env file:

Variable               Description                     Default
IMAGE_API_TOKEN        Coze API authentication token   Required
IMAGE_API_URL          Coze stream_run endpoint        https://6fj9k4p9x3.coze.site/stream_run
IMAGE_API_PROJECT_ID   Coze project ID                 7621854258107039796
IMAGE_API_SESSION_ID   Coze session ID                 mT8SQeCGgTMZNBsJEiRuN
IMAGE_API_TIMEOUT      Request timeout in seconds      60

Parameters

Parameter        Type     Description
text or prompt   string   Image generation prompt (required)
api_token        string   Coze API token (or use env var)
project_id       string   Coze project ID (or use env var)
session_id       string   Coze session ID (or use env var)
timeout          int      Request timeout in seconds
include_debug    bool     Include debug info in response
strict           bool     Raise exceptions instead of returning error object

Response Format

Success

{
  "image": "data:image/jpeg;base64,/9j/4AAQSkZJRg...",
  "mime_type": "image/jpeg",
  "filename": "generated-image.jpeg",
  "source_url": "https://..."
}

Error

{
  "error": "Error message describing what went wrong",
  "image": null,
  "mime_type": null,
  "filename": null,
  "source_url": null
}
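The success object above is a data URI that an agent will typically inline straight into a chat or web view, so whatever bytes the upstream service handed back get rendered with no further check. As an added example (not part of the skill), the block below validates a `run()` result before it is displayed: it requires the documented success shape, parses the data URI, checks that the declared `mime_type` agrees with the URI and with the file's magic bytes, and enforces a size cap. The JPEG stub, the SVG-under-a-JPEG-label case, the `make_result` helper and the 10 MiB cap are all constructed for the example.

```python
import base64
import binascii
import re

MAX_IMAGE_BYTES = 10 * 1024 * 1024  # cap chosen for this example

# Data URI shape the skill documents: data:<mime>;base64,<payload>
DATA_URI_RE = re.compile(
    r"^data:(image/(?:jpeg|png|gif|webp));base64,([A-Za-z0-9+/=\s]+)$")

# Leading bytes each accepted raster format must start with.
MAGIC = {
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/gif": (b"GIF87a", b"GIF89a"),
    "image/webp": (b"RIFF",),  # container; the "WEBP" tag is checked at offset 8
}


class ImageResultError(ValueError):
    """Raised when a run() result must not be rendered inline."""


def validate_result(result: dict) -> bytes:
    """Return the decoded image bytes only if the result is a success object
    carrying a base64 raster image whose declared type matches the data URI
    and the magic bytes, and whose size is within MAX_IMAGE_BYTES."""
    if result.get("error") or not result.get("image"):
        raise ImageResultError(f"skill reported failure: {result.get('error')!r}")
    match = DATA_URI_RE.match(result["image"])
    if not match:
        raise ImageResultError("image is not a base64 raster data URI")
    declared, payload = match.group(1), "".join(match.group(2).split())
    if declared != result.get("mime_type"):
        raise ImageResultError(
            f"mime_type {result.get('mime_type')!r} disagrees with data URI {declared!r}")
    if len(payload) * 3 // 4 > MAX_IMAGE_BYTES:  # cheap pre-check before decoding
        raise ImageResultError("image exceeds size cap")
    try:
        raw = base64.b64decode(payload, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ImageResultError("invalid base64 payload") from exc
    if not raw.startswith(MAGIC[declared]):
        raise ImageResultError(f"bytes do not look like {declared}")
    if declared == "image/webp" and raw[8:12] != b"WEBP":
        raise ImageResultError("RIFF container is not WEBP")
    return raw


def rejects(result: dict) -> bool:
    """True if validate_result refuses the result."""
    try:
        validate_result(result)
    except ImageResultError:
        return True
    return False


def make_result(raw: bytes, mime: str) -> dict:
    """Build a success object in the skill's documented shape (example helper)."""
    return {
        "image": f"data:{mime};base64,{base64.b64encode(raw).decode()}",
        "mime_type": mime,
        "filename": "generated-image." + mime.split("/")[1],
        "source_url": "https://cdn.example-coze.test/img/1.jpg",
    }


# Constructed inputs: a stub JPEG (SOI, APP0, padding, EOI) and an SVG that an
# upstream could label as JPEG. SVG can carry script and must never be inlined
# as if it were a raster image.
STUB_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 14 + b"\xff\xd9"
SMUGGLED_SVG = b"<svg xmlns='http://www.w3.org/2000/svg'><script>alert(1)</script></svg>"

if __name__ == "__main__":
    print(len(validate_result(make_result(STUB_JPEG, "image/jpeg"))), "bytes accepted")
    print("svg rejected:", rejects(make_result(SMUGGLED_SVG, "image/jpeg")))
```

The size pre-check works on the base64 length so an oversized payload is refused before it is decoded; the magic-byte check is what stops markup or script arriving under an image label, and it is also why `filename` and `mime_type` from the response are never trusted on their own.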

Features

  • SSE Streaming: Handles Coze's Server-Sent Events response format
  • Auto Download: Automatically downloads generated images and converts to Base64
  • Error Handling: Graceful error handling with structured error responses
  • Flexible Auth: Supports both inline token and environment variables
  • Debug Mode: Optional debug output for troubleshooting

Setup on ClawHub

  1. Install the skill via ClawHub:

    openclaw skills install coze-image
    
  2. Configure your API token:

    openclaw config set IMAGE_API_TOKEN your_token_here
    
  3. Generate your first image:

    Generate a picture of a sunset over the ocean
    

Troubleshooting

"Image URL not found in SSE response"

This means the Coze project returned text instead of an image. Make sure:

  • Your Coze bot has an image generation plugin enabled
  • The workflow is configured to return images
  • The prompt is appropriate for image generation

Authentication Errors

  • Verify your API token is valid and not expired
  • Check that the token has permission to access the project
  • Ensure environment variables are set correctly

Timeout Errors

  • Increase the timeout parameter (default 60s)
  • Check your network connection
  • The image generation may be taking longer than expected

License

MIT License - See license file for details.

Support

For issues or questions, please open an issue on the ClawHub repository.
