ClawHub

cloudflare-workers-ai-image

v1.1.1

Generate and edit images through Cloudflare Workers AI using one skill that supports text-to-image and image-to-image. Use when the user asks to generate, dr...

0· 84·0 current·0 all-time
by@slippersheepig
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, and included scripts all focus on text2img and img2img via Cloudflare Workers AI and require the Cloudflare account ID and API token — these requirements are proportional and expected.
Instruction Scope
Runtime instructions limit actions to building prompts, sending requests to Cloudflare's API, writing a temporary image file and handing it to the current conversation provider; the scripts only read an optional input image and environment variables CF_ACCOUNT_ID/CF_API_TOKEN. There is no instruction to read unrelated files or exfiltrate arbitrary data.
Install Mechanism
No install spec (instruction-only with bundled scripts). No downloads or archive extraction — minimal risk from installation.
Credentials
Only CF_ACCOUNT_ID and CF_API_TOKEN are required, which are appropriate for calling Cloudflare Workers AI. The README/docker-compose advice tells users to limit token scope. No other credentials or unrelated env vars are requested.
Persistence & Privilege
Skill is not forced-always, does not request system-wide configuration changes, and does not modify other skills. It relies on the agent to delete temporary files after sending (the script only writes and prints the path).
Assessment
This skill appears coherent and limited to calling Cloudflare Workers AI. Before installing, ensure the CF_API_TOKEN you provide has the minimum permissions required for Workers AI/inference only (do not use a full account token). Run the skill in an isolated environment (container) so temporary files under the specified output path cannot be read by other processes you don't trust. Note: the script writes the generated image and prints its path but does not delete it — the SKILL.md expects the agent runtime to remove temporary files after successful delivery, so confirm your runtime implements that cleanup. Finally, rotate/revoke the API token if you stop using the skill or if the token is used elsewhere.

Like a lobster shell, security has layers — review code before you run it.

latestvk9798nc275kvp2f1pxhtc7gs45848h7g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments