ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SnapOG

v1.0.0

Generate social images and OG cards from professional templates via the SnapOG API. One API call = one pixel-perfect PNG.

0· 776·0 current·0 all-time
bytaylor@beameasy
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (generate OG/social images) matches the requirements and runtime instructions. The only required secret is SNAPOG_API_KEY which is appropriate for an API-backed image generation service.
Instruction Scope
SKILL.md instructs the agent to call the SnapOG API and to read SNAPOG_API_KEY from the environment — this is expected. The docs also mention features that can transmit results externally (webhook_url and creating signed URLs that work without auth). These are API features (not hidden agent behavior) but are worth noting because a user could accidentally expose generated images or create signed URLs with too-long expiry or point webhooks at attacker-controlled endpoints.
Install Mechanism
No install spec and no code files — instruction-only skill. Nothing is downloaded or written to disk by the skill itself.
Credentials
Only SNAPOG_API_KEY is required and declared as the primary credential. That is proportionate to the stated functionality; no unrelated secrets or config paths are requested.
Persistence & Privilege
always is false and the skill does not request persistent system presence or modify other skills. Agent autonomous invocation is allowed by default but is not combined with any elevated privileges here.
Assessment
This skill appears to do exactly what it says: call the SnapOG API using SNAPOG_API_KEY to generate images. Before installing: (1) keep your SNAPOG_API_KEY secret (don’t paste it into public repos or share it), (2) be cautious when using webhook_url or creating signed URLs — only point webhooks to trusted endpoints and keep signed-URL expirations short so you don't unintentionally publish private content, (3) verify you trust https://snapog.dev (check their docs/TOS/privacy) since generated assets and parameters will be sent to that service, and (4) rotate the API key if you suspect it was exposed. Overall there are no incoherent or disproportionate requirements in this skill.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Clawdis
EnvSNAPOG_API_KEY
Primary envSNAPOG_API_KEY
latestvk97brhbv9097spdng44ds3vkxn810z58
776downloads
0stars
1versions
Updated 10h ago
v1.0.0
MIT-0
taylor@beameasy
latest
Download

SnapOG — Social Image Generation

Generate OG images, social cards, and marketing visuals from professionally designed templates. Returns pixel-perfect PNGs in under 100ms.

API Base: https://api.snapog.dev

Authentication

All generation requests require a Bearer token. The API key is read from the SNAPOG_API_KEY environment variable.

Authorization: Bearer $SNAPOG_API_KEY

Preview and template listing endpoints work without authentication.

Available Templates

TemplateIDBest For
Blog Postblog-postBlog articles, tutorials, documentation
AnnouncementannouncementProduct launches, updates, releases
Stats CardstatsMetrics dashboards, quarterly results
QuotequoteTestimonials, pull quotes, social shares
Product CardproductSaaS products, pricing, features
GitHub Repogithub-repoOpen source projects, repo cards
EventeventConferences, meetups, webinars
ChangelogchangelogRelease notes, version updates
Brand Cardbrand-cardCompany pages, docs, marketing
Photo Herophoto-heroBlog headers, news, portfolios

Core Workflows

1. List templates and discover parameters

curl https://api.snapog.dev/v1/templates

Returns all templates with their paramSchema (parameter names, types, required fields, defaults). Always call this first if the user hasn't specified a template.

2. Generate an image (POST)

Use this for downloading images or advanced options:

curl -X POST https://api.snapog.dev/v1/generate \
  -H "Authorization: Bearer $SNAPOG_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "template": "blog-post",
    "params": {
      "title": "Building with MCP",
      "author": "Taylor",
      "tags": ["AI", "Tools"],
      "accentColor": "#6366f1"
    }
  }' \
  --output og-image.png

POST body fields:

  • template (string, required) — template ID
  • params (object, required) — template parameters
  • width (number) — image width in pixels (default: 1200)
  • height (number) — image height in pixels (default: 630)
  • format ("png" | "svg" | "pdf") — output format (default: png)
  • fontFamily (string) — any Google Font family name
  • webhook_url (string) — URL to POST when generation completes

Save the response body directly to a .png file. The response Content-Type is image/png.

3. Generate via URL (GET)

Use this when the user needs a URL to embed in HTML meta tags, markdown, or anywhere an image URL is needed:

https://api.snapog.dev/v1/og/blog-post?title=Building+with+MCP&author=Taylor&tags=AI,Tools

This URL itself serves the image. Parameters are query strings. Requires Authorization header or a signed URL.

4. Preview a template (no auth needed)

curl https://api.snapog.dev/v1/preview/blog-post --output preview.png

Renders the template with its default parameters. Useful for showing the user what a template looks like before customizing.

5. Create a signed URL (for meta tags)

Signed URLs let you embed images in <meta> tags without exposing the API key:

curl -X POST https://api.snapog.dev/v1/sign \
  -H "Authorization: Bearer $SNAPOG_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "template": "blog-post",
    "params": { "title": "My Post" },
    "expiresIn": 86400
  }'

Returns { "url": "https://api.snapog.dev/v1/og/blog-post?title=...&token=..." }. This URL works without authentication and can be placed directly in HTML:

<meta property="og:image" content="SIGNED_URL_HERE" />

6. Batch generate (multiple sizes)

Generate the same image in multiple sizes at once:

curl -X POST https://api.snapog.dev/v1/batch \
  -H "Authorization: Bearer $SNAPOG_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "template": "blog-post",
    "params": { "title": "My Post" },
    "sizes": ["og", "twitter", "farcaster", "instagram-square"]
  }'

Size presets: og (1200x630), twitter (1200x628), farcaster (1200x800), instagram-square (1080x1080), instagram-story (1080x1920), linkedin (1200x627), facebook (1200x630), pinterest (1000x1500).

Common Parameters

Most templates accept these shared parameters:

  • title (string, required) — main heading
  • accentColor (color) — theme color, e.g. #6366f1
  • logo (url) — logo image URL
  • fontFamily (string) — any Google Font, e.g. "Space Grotesk"

Each template has additional specific parameters. Call /v1/templates to see the full schema for any template.

Tips

  • Choosing a template: Match the content type — blog-post for articles, announcement for launches, github-repo for OSS projects, stats for metrics, quote for testimonials.
  • Colors: Pass hex colors like #6366f1. Most templates support accentColor for theming.
  • Arrays: For tags and changes, pass as JSON arrays: ["tag1", "tag2"].
  • Stats: The stats template expects a JSON array: [{"label": "Users", "value": "10K"}].
  • Images: For logo, image, authorImage — pass a publicly accessible URL.
  • Output: Default is 1200x630 PNG (standard OG image size). Use width/height to customize.
  • Formats: Use "svg" for vector output, "pdf" for print-ready documents.

Full API Docs

For the complete API reference as markdown (useful for deeper integration):

curl https://api.snapog.dev/v1/docs

Comments

Loading comments...