Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skywork Design

Generate or edit images via backend Skywork Image API. Use for any image creation, poster design, logo design, visual asset generation, or image modification...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
1 · 30 · 0 current installs · 0 all-time installs
by Skywork AI (@gxcun17)
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The skill claims to be an image-generation/editing integration with Skywork — the code and SKILL.md match that purpose and call Skywork endpoints. However the registry metadata declared no required env vars or binaries while the runtime expects environment variables (SKYBOT_TOKEN, SKYWORK_GATEWAY_URL, SKYWORK_API_BASE, SKYWORK_WEB_BASE) and the presence of the 'uv' runner and Python 3.10+. The metadata omission is an incoherence: the skill will fail or prompt for interactive login if those values/tools are not present.
! Instruction Scope
SKILL.md instructs the agent to run the provided auth and generation scripts and to surface any login URL to the user. The auth script may open a browser, poll a remote API, validate tokens, and save token data to ~/.skywork_token. These actions (network calls, browser opening, writing a home-file) are within the expected scope for an API auth flow, but SKILL.md and the metadata do not fully declare them (e.g., no mention of saving tokens to ~/.skywork_token). The preflight checks 'command -v uv', yet the declared required binaries are none.
Install Mechanism
There is no install spec (instruction-only), which is lower risk for arbitrary downloads. The skill includes Python scripts that will be executed locally; they use only stdlib modules and urllib/requests (requests declared in script header comments). No external binary downloads or archive extraction are present in the files provided.
! Credentials
The code relies on several environment/config items that are not declared in the skill metadata: SKYBOT_TOKEN (primary token), optional overrides (SKYWORK_GATEWAY_URL, SKYWORK_API_BASE, SKYWORK_WEB_BASE). The auth flow persists credentials to a global file (~/.skywork_token), which may be reused by other processes/skills and is not scoped to the skill. These are proportionate to an API-backed image service, but the omission from declared requirements and the use of a shared home-file token storage are noteworthy risks.
! Persistence & Privilege
always:false (normal), but the auth script writes a persistent token file to the user's home directory (~/.skywork_token). While storing an auth token is expected for convenience, it creates a cross-skill/global credential that other local tools could pick up. The skill does not modify other skills' configs, but the global token file increases blast radius if the token is compromised or overly permissive.
Scan Findings in Context
[NETWORK_CALL_API_SKYWORK] expected: Scripts make HTTPS requests to api.skywork.ai and api-tools.skywork.ai to create/edit images and handle auth. Network calls are expected for this integration.
[WRITE_HOME_TOKEN_FILE] unexpected: Auth script saves token JSON to ~/.skywork_token. Persisting tokens is functionally expected, but storing them in a global home file (not declared in metadata) increases risk if you run multiple skills or untrusted code on the same machine.
[OPEN_BROWSER_SUBPROCESS] expected: Auth code attempts to open a browser (open/start/xdg-open) and prints a [LOGIN_URL] marker; opening a browser and printing a login URL is expected for interactive OAuth-style flows, but headless environments must instead surface the printed URL to the user as SKILL.md instructs.
[BASE64_EMBED_LOCAL_IMAGES] expected: generate_image.py base64-encodes local input images and sends them to the backend; this is expected for image editing uploads but means local image bytes are transmitted to the remote service.
What to consider before installing/running this skill

  • The skill appears to implement a legitimate Skywork image API client, but the package metadata omits important runtime expectations (Python 3.10+, the 'uv' runner, and environment/config variables). Don't assume it will work out-of-the-box.
  • Authentication will either use an environment token (SKYBOT_TOKEN) or perform an interactive login that opens a browser and saves a token to ~/.skywork_token. If you run this in a shared environment or CI, prefer providing a scoped SKYBOT_TOKEN and avoid running the interactive flow.
  • The scripts will upload local images (they are base64-encoded and transmitted) — ensure you trust Skywork's service and are comfortable sending those images off-host.
  • The token file in your home directory is readable by any process with your user privileges; consider the token's scope and lifetime. If you install this skill, rotate or remove the token when no longer needed.
  • The skill's source lacks a homepage and the registry owner is unknown. If you require higher assurance, ask the publisher for: an official homepage or docs, the token permission/scope, privacy policy, and whether the gateway endpoints are official Skywork services.

If you want to proceed safely: provide a minimal, scoped SKYBOT_TOKEN via environment rather than performing interactive login; run the scripts in a dedicated user account or sandbox; confirm the endpoints (api.skywork.ai and api-tools.skywork.ai) are the official service; and review the saved ~/.skywork_token contents before trusting it.


Current version v1.0.0 (latest: vk9761917gg7qkfakvhkcnsggf1830a84)


SKILL.md

Visual Design — Image Generation & Editing

Generate new images or edit existing ones via the backend image API. Be patient: each image takes about 2 minutes to generate.


Authentication (Required First)

Before using this skill, authentication must be completed. Run the auth script first:

# Authenticate: checks env token / cached token / browser login
python3 <skill-dir>/scripts/skywork_auth.py || exit 1

Token priority:

  1. Environment variable SKYBOT_TOKEN → if set, use directly
  2. Cached token file ~/.skywork_token → validate via API, if valid, use it
  3. No valid token → opens browser for login, polls until complete, saves token

IMPORTANT - Login URL handling: If script output contains a line starting with [LOGIN_URL], you MUST immediately send that URL to the user in a clickable message (e.g. "Please open this link to log in: <url>"). The user may be in an environment where the browser cannot open automatically, so always surface the login URL.
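The token priority above, combined with the scan's warning that ~/.skywork_token is readable by any process running as your user, as an added Python example (not the skill's own skywork_auth.py): it resolves the token in the same order and refuses a cached file whose permission bits expose it to other local users. The JSON layout of the token file and its "token" key are assumptions, and the remote validation call for a cached token is omitted so the example runs offline.

```python
import json
import stat
import tempfile
from pathlib import Path

# Path from SKILL.md and the scan findings. The JSON layout inside it and the
# "token" key are assumptions; the real script's format is not shown on the page.
TOKEN_FILE = Path.home() / ".skywork_token"

def token_file_is_private(path: Path) -> bool:
    """True only for a regular file with no group/other permission bits (POSIX)."""
    try:
        st = path.lstat()  # lstat: refuse a symlink planted at this path
    except FileNotFoundError:
        return False
    return stat.S_ISREG(st.st_mode) and (st.st_mode & 0o077) == 0

def resolve_token(env: dict, token_path: Path = TOKEN_FILE) -> tuple:
    """SKILL.md priority: env var, then cached file, else none (browser login).
    Returns (token, source), source in {"env", "cache", "none"}. The remote
    validation SKILL.md mentions for a cached token is not reproduced (offline)."""
    tok = (env.get("SKYBOT_TOKEN") or "").strip()
    if tok:
        return tok, "env"
    if not token_file_is_private(token_path):
        return None, "none"  # missing, or exposed to other local users
    try:
        data = json.loads(token_path.read_text())
    except (OSError, ValueError):
        return None, "none"
    cached = data.get("token") if isinstance(data, dict) else None
    if isinstance(cached, str) and cached:
        return cached, "cache"
    return None, "none"

def demo() -> dict:
    """Constructed scenarios in a temp dir; never touches the real ~/.skywork_token."""
    out = {}
    with tempfile.TemporaryDirectory() as d:
        p = Path(d) / ".skywork_token"
        p.write_text(json.dumps({"token": "cached-demo-token"}))  # constructed sample
        p.chmod(0o600)
        out["cache"] = resolve_token({}, p)
        out["env"] = resolve_token({"SKYBOT_TOKEN": "env-demo-token"}, p)
        p.chmod(0o644)  # now group/other readable: must be refused
        out["exposed"] = resolve_token({}, p)
        out["missing"] = resolve_token({}, Path(d) / "absent")
    return out
```

Run demo() to see all four outcomes; in a real deployment the "none" result is where the interactive login would start, and the refused-file case is the one to investigate rather than silently re-login over.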


Usage

Run the script using absolute path (do NOT cd to skill directory):

Generate new image:

uv run <SKILL_DIR>/scripts/generate_image.py --prompt "description" --filename "output.png" [--aspect-ratio 3:4] [--resolution 1K|2K|4K]

Edit existing image:

uv run <SKILL_DIR>/scripts/generate_image.py --prompt "edit instructions" --filename "output.png" --input-image "source.png" [--aspect-ratio 3:4] [--resolution 2K]

Edit with multiple reference images:

uv run <SKILL_DIR>/scripts/generate_image.py --prompt "combine these styles" --filename "output.png" -i "ref1.png" -i "ref2.png"

Always run from the user's working directory so images save there.

When to Generate vs Edit

  • Generation (--prompt only): Creating new images from scratch — posters, logos, illustrations, photos, infographics.
  • Editing (--prompt + --input-image): User provides existing image(s) and wants modifications — style changes, element addition/removal, color adjustments, format conversion.
    • Note: the edit API can preserve the likeness of up to 4 characters and the fidelity of up to 10 objects in a single workflow.

If the user uploads/references images and wants changes, always use --input-image.

Resolution

  • 1K — ~1024px, fast drafts
  • 2K (default) — ~2048px, good for most deliverables
  • 4K — ~4096px, final high-res output

Map user requests: "low/draft" → 1K, "normal/medium/2K" → 2K, "high-res/hi-res/4K/ultra" → 4K.

Aspect Ratio

Supported ratios: 1:1, 2:3, 3:2, 3:4, 4:3, 4:5, 5:4, 9:16, 16:9, 21:9.

Selection guidance:

  • 1:1 — Social media avatars, icons, album covers
  • 3:4 / 4:3 — General posters, presentations
  • 4:5 / 5:4 — Instagram posts, portraits
  • 9:16 / 16:9 — Mobile stories / desktop wallpapers, video covers
  • 2:3 / 3:2 — Print posters, book covers
  • 21:9 — Ultra-wide banners, cinema format

If the user doesn't specify, omit --aspect-ratio and let the API decide.

Filename Convention

Pattern: yyyy-mm-dd-hh-mm-ss-descriptive-name.png

Examples:

  • "A serene Japanese garden" → 2026-03-10-14-23-05-japanese-garden.png
  • "sunset over mountains" → 2026-03-10-15-30-12-sunset-mountains.png
  • Unclear context → 2026-03-10-17-12-48-x9k2.png

Preflight

  • command -v uv (must exist)
  • If editing: verify each --input-image file exists

Common Failures

  • Error: Input image not found: → wrong path; verify --input-image file exists
  • HTTP error 500 → backend service error; retry or check server status
  • Request failed: Connection refused → backend service unavailable; ensure the service is running
  • Insufficient benefit: the script or log may show a message like "Insufficient benefit. Please upgrade your account at {url}", meaning the user's benefit level does not meet the requirement for this skill.

How to reply when benefit is insufficient

When you detect the above, reply in the user's current language — do not echo the English message. Use this pattern:

  • Convey: "Sorry, image generation failed. This skill requires upgrading your Skywork membership to use." then a single call-to-action link.
  • Format: One short sentence in the user's language + a link like [Upgrade now →](url) or the equivalent in their language.
  • URL: Extract the upgrade URL from the log/script output (the part after "at", e.g. https://...).

Output

  • Script prints the local file path and the OSS URL.
  • Depending on the platform, use the most appropriate way to deliver the image (e.g. send as image message, display inline, or print the URLs). By default, return both the local path and OSS URL to the user. The OSS URL ensures cross-platform accessibility.

Design Scenarios

Match the user's request to a scenario and read the corresponding file for its specialized workflow:

Prompt Engineering

Prompts Best Practices

Follow these principles for quality prompts using the image API for generation or editing:

  • Describe the scene, don't just list keywords. A narrative, descriptive paragraph produces much better results than disconnected words. The model's core strength is deep language understanding.
    • Weak: "cat, sunset, beach"
    • Strong: "A ginger tabby cat sitting on a sandy beach at golden hour, facing the camera with soft warm backlighting, shallow depth of field, ocean waves blurred in the background"
  • Be hyper-specific. The more detail you provide, the more control you have. Include all visual details: style, colors, composition, lighting, background, textures.
  • Provide context and intent. Explain the purpose of the image — the model's understanding of context influences the output.
  • Use step-by-step instructions for complex scenes with many elements. Break the prompt into layers: foreground, middle ground, background.
  • Use "semantic negative prompts." Instead of "no cars," describe positively: "an empty, deserted street with no signs of traffic."
  • Control the camera. Use photographic and cinematic terms: "wide-angle shot", "macro shot", "low-angle perspective", "bird's eye view", "rule of thirds", "shallow depth of field".
  • Time perception. If the result needs real-time timeliness, mention the current time context in the prompt.
  • Text in images. Place text content within double quotation marks:

    A movie poster with the title "INCEPTION" in large silver metallic letters at the top

  • Clearly specify and emphasize the elements that require modification. Describe reference images by their order (first image, second image), not by filename.

Files

11 total