ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Seedream 5 via BytePlus

v0.1.0

Generate images with Seedream 5 through the BytePlus Ark API using a direct API key. Use when the user wants Seedream 5 image generation, mentions BytePlus A...

0· 83·0 current·0 all-time
byGamal Eldien Tarek Abdelsataar@gamaleldientarek

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for gamaleldientarek/seedream-5-byteplus.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Seedream 5 via BytePlus" (gamaleldientarek/seedream-5-byteplus) from ClawHub.
Skill page: https://clawhub.ai/gamaleldientarek/seedream-5-byteplus
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install seedream-5-byteplus

ClawHub CLI

Package manager switcher

npx clawhub@latest install seedream-5-byteplus
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The declared registry metadata lists no required environment variables or primary credential, but both the SKILL.md and the included script require SEEDREAM_API_KEY. Requiring an API key is expected for this purpose, but failing to declare it in metadata is an incoherence.
!
Instruction Scope
The instructions and script stay within the stated purpose (POST to BytePlus Ark and download the returned image). However the script sources /root/.clawdbot/.env if present, which may cause the skill to load unrelated secrets from a global agent file rather than a skill-scoped credential — this broad file access is out of scope for simple image generation.
Install Mechanism
No install spec; skill is instruction-only with a small bundled shell script. Nothing is downloaded or executed from external URLs during install.
!
Credentials
Requesting an API key (SEEDREAM_API_KEY) is proportionate, but the package fails to declare it in metadata. Additionally, sourcing /root/.clawdbot/.env can expose other environment secrets stored there — the script assumes a global agent .env location rather than using a clearly-named skill-scoped variable or config file.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide settings, and only writes output into /root/clawd/output. Autonomous invocation is allowed (platform default) but not combined with other broad privileges here.
What to consider before installing
This skill appears to perform the advertised task, but the package is inconsistent and could leak unrelated secrets. Before installing or using it: (1) Confirm and set SEEDREAM_API_KEY explicitly (the registry metadata did not declare it). (2) Avoid putting unrelated secrets in /root/.clawdbot/.env; instead store the key in a skill-specific env file or pass it at runtime. (3) Review the included script (scripts/seedream-generate.sh) yourself — it POSTs to BytePlus Ark and then downloads the returned image URL, printing raw API responses on failure. (4) Run the skill in a restricted environment or container if you are concerned about .env exposure. If the maintainer can update the registry metadata to declare SEEDREAM_API_KEY and remove or namespace the global .env sourcing, the package would be more trustworthy.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cqcb9azjg75scsehtws1hv584dvwk
83downloads
0stars
1versions
Updated 2w ago
v0.1.0
MIT-0
Gamal Eldien Tarek Abdelsataar@gamaleldientarek
latest
Download

Seedream 5 via BytePlus Ark

Generate images through BytePlus Ark using the bundled script in scripts/seedream-generate.sh.

Quick start

  1. Ensure SEEDREAM_API_KEY is available in the environment or in /root/.clawdbot/.env.
  2. Run:
/root/clawd/skills/seedream-5-byteplus/scripts/seedream-generate.sh "your prompt here" [output-file]

Example:

/root/clawd/skills/seedream-5-byteplus/scripts/seedream-generate.sh \
  "A cinematic scene of a monkey sitting proudly on top of a red Ferrari sports car" \
  /root/clawd/output/seedream-monkey-ferrari.jpg

The script prints the saved file path on success.

When to use this skill

Use this skill when:

  • The user has a Seedream / BytePlus Ark API key
  • The user wants Seedream 5 specifically
  • The user mentions BytePlus Ark, Seedream, or seedream-5-0-260128

Do not use this skill for:

  • Black Forest Labs direct FLUX API
  • fal.ai keys (FAL_KEY)
  • OpenAI image generation
  • Google Gemini image generation

Ask about size when needed

If the user clearly needs a specific layout or delivery format, ask for the target size or aspect ratio before generating.

Examples:

  • social post
  • story / reel cover
  • wallpaper
  • poster
  • banner
  • print asset
  • exact pixel dimensions

If the user does not care, use the default size.

Default behavior

The script defaults to:

  • model: seedream-5-0-260128
  • size: 2K
  • response format: url
  • watermark: false

Override these with environment variables before running:

export SEEDREAM_MODEL=seedream-5-0-260128
export SEEDREAM_SIZE=1K

Then call the script normally.

How it works

The script sends a POST request to the BytePlus Ark image generation endpoint, extracts the returned image URL, and downloads the image locally.

Troubleshooting

  • If the script says SEEDREAM_API_KEY not set, add the key to the environment first.
  • If generation fails, inspect the JSON returned by the API; the script prints it to stderr.
  • If the provider returns no image URL, inspect the raw response to confirm the response schema.

scripts/

  • scripts/seedream-generate.sh — direct Seedream 5 image generation via BytePlus Ark API

Comments

Loading comments...