AI Christmas Photo Generator - Create Festive Images Online – CLI-powered
v1.0.0AI Christmas photo generator — transform a portrait into a festive Christmas scene
⭐ 0· 61·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (AI Christmas photo generator) aligns with the declared requirement (WESHOP_API_KEY) and the SKILL.md which instructs use of the weshop CLI (weshop ai-christmas-photo). No unrelated environment variables, binaries, or config paths are requested.
Instruction Scope
SKILL.md confines runtime actions to calling the weshop CLI and checking/using the WESHOP_API_KEY environment variable. It does not instruct reading unrelated files or exporting data to other endpoints. Note: the default prompt requests realistic preservation of facial details — processing/photos of people raises privacy/consent and deepfake considerations that you should review separately.
Install Mechanism
This is an instruction-only skill with no bundled install spec, but it tells users/agents to install the npm package weshop-cli. Installing arbitrary npm packages carries the usual supply-chain risks; the skill itself does not include or vet the package code.
Credentials
Only a single environment variable (WESHOP_API_KEY) is required and is appropriate for an API-backed CLI. The SKILL.md states the key is read from the environment and should not be passed on the command line. The claim that the CLI sends the key only to openapi.weshop.ai is unverifiable from the skill alone — verify the CLI source and network behavior if this matters.
Persistence & Privilege
The skill does not request always-on privileges, does not modify other skills or global agent configs, and does not claim persistent system presence. It is user-invocable only.
Assessment
This skill appears to do what it says: it runs the third‑party weshop CLI and needs a single WeShop API key. Before installing or using it: (1) verify the weshop-cli package and its GitHub repo (review code, recent commits, and publisher) because npm packages can contain malicious code; (2) never paste your API key into prompts or CLI arguments — set WESHOP_API_KEY in a secure environment; (3) be cautious about uploading photos of real people (obtain consent and check privacy/usage policies, and avoid uploading sensitive images); (4) if you need stronger assurance, install/run the CLI in an isolated environment (container/VM) and observe its network calls to confirm it only contacts the claimed openapi.weshop.ai endpoint.Like a lobster shell, security has layers — review code before you run it.
latestvk978hmv9zjhh85xqyyx2bf3ga184m69g
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
EnvWESHOP_API_KEY
Primary envWESHOP_API_KEY