ClawHub

Tarot Card Art Generator

v1.0.0

Generate stunning AI tarot card art and mystical oracle deck illustrations. Create custom major and minor arcana designs, divination card artwork, spiritual...

0· 96·0 current·0 all-time
by@omactiengartelle
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description promise AI tarot card imagery and the included script posts prompts to api.talesofai.com (Neta) to generate images. Requiring a Neta API token (passed via --token) is proportionate and expected. Minor note: SKILL.md/README refer to neta.art/open while code targets api.talesofai.com (this appears consistent: neta.art/open is the signup and api.talesofai.com is the service).
Instruction Scope
SKILL.md instructs running the provided Node script with a --token flag and optional size/ref — the script only reads argv, constructs a JSON payload, and polls the provider for an image URL. It does not read other files, environment variables, or system paths, nor does it exfiltrate data to endpoints unrelated to the declared image API.
Install Mechanism
No install spec is present (instruction-only behavior). The package contains a small Node script and package.json; nothing downloads arbitrary third-party code at runtime or extracts archives. The README suggests adding via npx/registry which is normal for a published skill.
Credentials
No environment variables or unrelated credentials are requested. The only secret needed is the Neta API token, and the script expects it via a CLI flag (--token), which is appropriate for access to the stated third‑party API.
Persistence & Privilege
The skill does not request always-on presence, does not modify other skills or system-wide agent settings, and does not persist credentials or state beyond sending the token to the Neta API. Autonomous invocation defaults are unchanged.
Assessment
This skill appears coherent and limited to calling the Neta image API, but before installing consider: 1) The script requires you to provide an API token; passing secrets on the command line can expose them in shell history or to other users via process listings (ps). Prefer to use a short-lived/throwaway token or run in an isolated environment. 2) Confirm you obtained your token from the official Neta site (neta.art/open) and that you trust api.talesofai.com as the provider; the script will upload your prompt and any reference UUIDs to that service and will print a hosted image URL. 3) The repository/source is listed as unknown/no homepage — if you need stronger assurance, review the short JS file yourself (it’s included and straightforward) or ask the publisher for provenance. 4) If you dislike passing tokens on the CLI, modify the script to read from a secured environment variable or file before use. If you accept those caveats, the skill is consistent with its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk97djaf24nv23pmw23f6jtxz4984gecj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments