ClawHub

Vpick Ai Image Generator

v1.0.1

Multi-model AI image generation on a visual canvas. Supports Midjourney (relaxed/fast/turbo, v7.0, 4-image grid), Grok Imagine (6 images per call, auto I2I),...

0· 50·0 current·0 all-time
by@snoopyrain
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill claims to provide multi-model image generation via the VPick platform and its SKILL.md only describes interacting with VPick canvas APIs (get_canvas, add_node, run_image_generator, upload_image, etc.). There are no unrelated binaries, env vars, or installs requested — this matches the stated purpose.
Instruction Scope
Instructions are focused on creating canvas nodes, setting prompts, uploading reference images, and invoking generation on VPick. This is in-scope for an image-generation connector. Note: the instructions explicitly route prompts and uploaded images through VPick and onward to third-party model providers — that is expected for this service but is a real privacy/data-flow consideration (prompts and images leave your environment).
Install Mechanism
No install spec or code is present (instruction-only skill). Nothing will be downloaded or written by the skill itself, which lowers installation risk.
Credentials
The skill declares no required environment variables or local credentials, which is coherent because it uses an MCP URL token supplied via the connector UI. However, the MCP link is effectively a bearer credential embedded in a URL — giving that link to the agent/platform grants generation/manage access to your VPick account. This is proportionate to the claimed function but carries credential-handling and privacy implications that users must accept.
Persistence & Privilege
The skill does not request always:true or other elevated persistence. It is user-invocable and can be called autonomously (default), which is normal for skills. It does not request access to other skills' configs or system-wide settings.
Assessment
This skill appears to do what it says: it instructs the agent to call the VPick service using a connector URL that contains an embedded token. Before installing or using it, consider: 1) Trust and provenance: the skill's source is 'unknown' and the homepage/owner are external — verify VPick's legitimacy and privacy policy. 2) Token handing: the MCP link is a bearer token in a URL — only paste it into connectors you trust. If compromised, rotate/regenerate the token. 3) Data leakage: prompts and uploaded reference images are sent to VPick and then to third-party model providers; do not upload sensitive or private images. 4) Billing: usage is charged to your VPick credit balance — check pricing and monitor usage. 5) Mitigations: test with a throwaway VPick account with minimal credit, avoid uploading sensitive data, review VPick documentation and contact/support channels, and revoke the MCP link if anything looks suspicious. If you want stronger assurance, ask the publisher for source code or audit logs showing how tokens and uploads are handled.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ek6xppaa0xxg6d2fjx2gy4183syrm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎨 Clawdis

Comments