Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Doubao Web Image

v1.0.0

Use Playwright to host a browser and call Doubao Web's image generation function. Call this skill when the user requests to draw or generate an image using D...

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for atmosphere16happy/doubao-web-image.

Install the skill "Doubao Web Image" (atmosphere16happy/doubao-web-image) from ClawHub.
Skill page: https://clawhub.ai/atmosphere16happy/doubao-web-image
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install doubao-web-image

ClawHub CLI

npx clawhub@latest install doubao-web-image

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability

Name/description match the included code: the project uses Playwright to automate Doubao Web image generation and saves a local login session. That capability is coherent for the stated purpose. However the README/SKILL.md explicitly states the tool is intended to "perfectly bypass `a_bogus` signature risk control", which indicates an intentional effort to evade platform protections rather than merely integrate with the service.

Instruction Scope

SKILL.md instructs the agent to run a local npx ts-node command and to execute it in headless background mode; it even contains a hardcoded absolute path (/Users/pengjianfang/skills/...), which is environment-specific and incorrect for most users. The instructions also direct the skill to persist login cookies to ~/.doubao-web-session and reopen UI on CAPTCHA — this is expected for automation but expands scope to read/write persistent session files and trigger UI popups. The combination of stealth/headless operation + saved login state + explicit bypassing intent is concerning from an abuse/terms-of-service perspective.

Install Mechanism

There is no formal install spec in the registry entry (instruction-only) but the package includes package.json and package-lock with dependencies (playwright, ts-node, typescript, etc.). Using this skill will require installing Node dependencies and Playwright browser binaries (potentially via npx playwright install chromium). That is expected but nontrivial — the skill will cause large packages and browser binaries to be installed locally.

Credentials

The skill does not request environment variables or external credentials. It writes a session directory in the user's home (~/.doubao-web-session) and creates debug screenshots in the working directory; these filesystem actions are proportional to a browser-automation login flow but do persist authentication state locally (cookie/session storage).

Persistence & Privilege

always: false (no forced global presence). The skill persists login state in ~/.doubao-web-session and may re-open UI for manual CAPTCHA resolution. Persisting session files is reasonable for the feature, but combined with headless automation and explicit bypass language it increases blast radius if misused. The skill does not appear to modify other skills or global agent configuration.

What to consider before installing

This skill appears to implement Playwright automation to drive Doubao Web and persist your login session locally. Before installing or running it:

  • Understand it will store login cookies in ~/.doubao-web-session and may reuse your real account — consider using a throwaway account or isolated VM/container.
  • The SKILL.md contains an absolute, user-specific path (/Users/pengjianfang/...) — update it to a valid path or run the script from the project directory instead of blindly executing that path.
  • The code intentionally uses stealth options and claims to bypass platform risk controls; that may violate Doubao/ByteDance terms and could lead to account restrictions or legal/ToS issues. Consider the policy/ethics risk before using.
  • Installing will pull Playwright and a browser binary (large), and the script may pop up UI for manual CAPTCHA handling; run in a sandbox if you are unsure.
  • If you proceed, review the full client.ts (esp. any network/download logic and where it sends data), and run it with caution (offline review, limited account, or containerized environment).

latest vk9745909yv02wf2m9ty5by71y584g359
110 downloads
0 stars
1 version
Updated 2w ago
v1.0.0
MIT-0

Doubao Web Image Generator

This project/skill uses Playwright to automate browser control, directly utilizing the real environment of Doubao Web for image generation, perfectly bypassing the a_bogus signature risk control issue.

Features

  • Auto-save login status to ~/.doubao-web-session
  • Send image generation prompts in a real browser environment
  • Intercept and parse SSE stream responses to get the watermark-free original image URL

How to Run

# Default: headless mode (silent background run) and original image quality, saving to generated.png
npx ts-node scripts/main.ts "A cyberpunk style cat (一只赛博朋克风格的猫咪)"

# Specify image save path (--output or --image)
npx ts-node scripts/main.ts "A cyberpunk style cat" --output="./my_cyber_cat.png"

# Specify image quality (--quality=preview or --quality=original)
# preview fetches faster, original attempts to get high-res quality (default)
npx ts-node scripts/main.ts "A cyberpunk style cat" --quality=preview --output="./preview_cat.png"

# For the first run or when login is required, you must use the --ui parameter to show the browser window
npx ts-node scripts/main.ts "Test" --ui

Command Line Arguments

| Parameter | Description | Default |
|---|---|---|
| prompt | (Required) Prompt for generating the image | A cute golden retriever (一只可爱的金毛犬) |
| --output=<path> / --image=<path> | Local path to save the downloaded image | ./generated.png |
| --quality=<value> | Image quality requirement: preview or original (high-res) | original |
| --ratio=<value> | Image aspect ratio selection. Supported: 1:1 (square avatar), 2:3 (social media selfie), 3:4 (classic photo), 4:3 (article illustration), 9:16 (mobile wallpaper portrait), 16:9 (desktop wallpaper landscape) | |
| --ui | Show browser interface (must be used for first login) | Background silent run |
| --help, -h | Show help menu | |

Technical Principle

  1. Browser Hosting: Use Playwright to launch a real Chromium browser, loading the user data directory.
  2. UI Automation: Locate the input box, auto-fill 帮我生成图片:{prompt} ("Help me generate an image: {prompt}") and simulate pressing Enter.
  3. Network Interception: Listen to the POST request response of /samantha/chat/completion to get the complete SSE data stream.
  4. Data Parsing: Use regex to match the image_ori URL in the response stream.

Directory Structure

  • scripts/doubao-webapi/client.ts - Core Playwright client logic
  • scripts/main.ts - Command line entry file
  • package.json - Project dependencies
