Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cs Free Image Generator Nv

v1.3.0

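Free text-to-image generation using the NVIDIA MoCL model (via NVIDIA API Playground). Triggered when the user asks to "generate an image" ("生成图片"), "draw a picture" ("画一张图"), "text to image", or "text-to-image" ("文生图").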

by Chenfeng @savior1987

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for savior1987/cs-free-image-generator-nv.

Install the skill "Cs Free Image Generator Nv" (savior1987/cs-free-image-generator-nv) from ClawHub.
Skill page: https://clawhub.ai/savior1987/cs-free-image-generator-nv
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install cs-free-image-generator-nv

ClawHub CLI


npx clawhub@latest install cs-free-image-generator-nv
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (NVIDIA MoCL text-to-image) matches the script behavior: it POSTs prompts to an NVIDIA GenAI endpoint and returns/saves image JSON. However, the registry metadata declares no required environment variables while both SKILL.md and the script rely on NVIDIA_API_KEY — a clear mismatch.
Instruction Scope
Runtime instructions and script are narrowly scoped to: load environment, call the NVIDIA API, print the JSON response, and save it under /tmp/cs-free-image-generator/nv/<timestamp>.json. That scope aligns with the stated purpose. The instructions explicitly tell the agent to force-load ~/.openclaw/.env (override=True), which can alter environment values and should be treated as potentially surprising behavior.
Install Mechanism
No install spec; this is effectively an instruction + small script that uses standard Python libraries and requests. Nothing is downloaded from untrusted URLs or installed automatically; risk from install mechanism is low.
Credentials
The skill requires NVIDIA_API_KEY at runtime but the package metadata lists no required env vars or primary credential. The script uses dotenv.load_dotenv with override=True against ~/.openclaw/.env, which will forcibly replace existing environment values in-process — this can unexpectedly expose or overwrite secrets. Requesting a single provider API key would be proportionate, but failing to declare it and forcing a local .env read is concerning.
Persistence & Privilege
The skill is not always-enabled, does not modify other skills or global settings, and does not request persistent elevated privileges. Autonomous invocation is allowed by default (normal for skills) and not by itself a reason to flag.
What to consider before installing
This skill appears to do what it says (POST your prompt to an NVIDIA image-generation endpoint and save the JSON), but it has two practical red flags you should address before use:

  • NVIDIA_API_KEY is required at runtime but is not declared in the skill metadata. Confirm where you will supply this key (agent secret storage is preferable) and don't rely on undocumented behavior.
  • The script force-loads ~/.openclaw/.env with override=True. That will read and overwrite environment variables from that file — review its contents for any sensitive keys before allowing the skill to run.

Recommendations:

  • If you trust the source, set NVIDIA_API_KEY explicitly in a controlled secret store (do not leave it in an accessible .env file) and verify the endpoint matches NVIDIA's official API.
  • Ask the skill author to update metadata to declare NVIDIA_API_KEY as a required primary credential and to avoid override=True or at least document it clearly.
  • Inspect or sandbox runs initially; check the /tmp/cs-free-image-generator/nv/ files to confirm only expected data is saved.

If you do not trust the author or cannot confirm the .env contents, avoid installing.

Like a lobster shell, security has layers — review code before you run it.

latest vk977g65ym3fsmz8d0f0zxz922984gs61
233 downloads
1 star
4 versions
Updated 2w ago
v1.3.0
MIT-0

NVIDIA MoCL Text-to-Image Generation

Turns a natural-language description into an image using the MoCL model on the NVIDIA API Playground.

Usage

python3 scripts/cs-free-image-generator-nv.py \
  --prompt "描述文字" \
  --width 1024 \
  --height 1024

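Parameters

| Parameter | Required | Default | Description |
|---|---|---|---|
| --prompt | | | Image description text (English works better) |
| --width | | | Image width (1-4096) |
| --height | | | Image height (1-4096) |

Output

  • The response JSON is saved to: /tmp/cs-free-image-generator/nv/<Unix timestamp>.json
  • It contains base64-encoded image data, which can be decoded and saved as a PNG/JPEG file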

Example

# Generate a cute corgi (1024×1024)
python3 scripts/cs-free-image-generator-nv.py \
  --prompt "一只可爱的柯基犬" \
  --width 1024 \
  --height 1024

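Notes

  • Environment variables: dotenv automatically loads NVIDIA_API_KEY from ~/.openclaw/.env (override=True), forcing the latest value to be read from .env so that values cached by an old process do not interfere.
  • Width/height limits: 1-4096; values outside this range raise an error
  • The response body is saved automatically, making it easy to trace call results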
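
A pre-run check for the override=True behavior described above, as an added example that is not part of the skill or of ClawHub: it reports which variable names in ~/.openclaw/.env would replace values already set in the process, and which are not needed by this skill. The parser is a simplified stand-in for python-dotenv's own, the function names are hypothetical, and the sample data is constructed.

```python
"""Pre-run audit: which variables would a force-loaded .env replace?"""
import os
from pathlib import Path

ENV_FILE = Path(os.path.expanduser("~/.openclaw/.env"))  # path named in the notes

def parse_env(text):
    """Simplified KEY=VALUE parser (assumption: stand-in for python-dotenv)."""
    pairs = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        if line.startswith("export "):
            line = line[len("export "):].lstrip()
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]                  # drop matching surrounding quotes
        pairs[key.strip()] = value
    return pairs

def audit(env_text, environ, expected=("NVIDIA_API_KEY",)):
    """Classify each key in the file by what override=True would do to environ."""
    report = {"replaced": [], "added": [], "unexpected": []}
    for key, value in parse_env(env_text).items():
        if key in environ and environ[key] != value:
            report["replaced"].append(key)       # existing value is silently lost
        elif key not in environ:
            report["added"].append(key)
        if key not in expected:
            report["unexpected"].append(key)     # not needed by this skill
    return report

def merged(env_text, environ, override):
    """Resulting environment under override=True versus override=False."""
    file_vars = parse_env(env_text)
    return {**environ, **file_vars} if override else {**file_vars, **environ}

# Constructed sample data, not taken from any real machine.
SAMPLE_ENV = ('NVIDIA_API_KEY="nvapi-CONSTRUCTED"\n'
              "export OTHER_SERVICE_TOKEN=from-file\n# note\nLOG_LEVEL=debug\n")
SAMPLE_ENVIRON = {"NVIDIA_API_KEY": "nvapi-from-secret-store", "LOG_LEVEL": "debug"}

if __name__ == "__main__":
    text = ENV_FILE.read_text() if ENV_FILE.exists() else SAMPLE_ENV
    for kind, keys in audit(text, dict(os.environ)).items():
        print(f"{kind}: {', '.join(sorted(keys)) or '-'}")  # names only, never values
```

Any name listed under "replaced" is a value the skill's process would lose to the file; names under "unexpected" are entries to review or move out of the file before the first run.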
