ClawHub

AI Elf Generator – Create Magical Elf Characters & Elf on the Shelf Images – CLI-powered

v1.0.0

AI elf filter — transform a portrait into a fantasy elf character

0· 52·0 current·0 all-time
by@sparkleming
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (elf image filter) match the declared requirements: the SKILL.md instructs use of the weshop CLI and a WESHOP_API_KEY. Requesting that single API credential is proportionate to calling a hosted image-generation service.
Instruction Scope
Instructions are narrowly scoped to running `weshop ai-elf` and checking/reading WESHOP_API_KEY from the environment; they do not ask for unrelated files or credentials. The doc asserts the CLI sends the key only to openapi.weshop.ai — this is an implementation claim the skill cannot itself enforce, so verify independently. Also note the privacy/deepfake risk: transforming real-person portraits is sensitive; consider user consent and image selection.
Install Mechanism
No install spec in the skill bundle (instruction-only), but SKILL.md tells users to install `weshop-cli` from npm/GitHub. Installing a third-party npm CLI is expected for this purpose but carries normal supply-chain risk; audit the package source and prefer scoped/verified installs or a sandboxed environment.
Credentials
Only one environment variable (WESHOP_API_KEY) is required and is declared as the primary credential. There are no unrelated secrets or config-path requirements.
Persistence & Privilege
The skill does not request permanent/global presence (always:false), does not modify other skill configs, and contains no installer that would write persistent agent-wide settings.
Assessment
This skill appears coherent: it wraps a third-party CLI and needs a WESHOP_API_KEY to call the weshop.ai service. Before installing or using it: (1) Verify the weshop-cli npm package and the GitHub repository are legitimate and review recent releases; (2) don't store your API key in shared files or pass it on the command line — use environment variables as instructed and consider a key with limited scope or a throwaway key for testing; (3) be cautious about processing sensitive or identifying photos (obtain consent and avoid images you wouldn't want uploaded); (4) if you must install the CLI, prefer doing so in an isolated environment (container, VM, or non-global npm install) and rotate the key if you suspect misuse. If you want greater assurance, ask the skill author for an integrity checksum for the CLI release or a signer identity for the npm package.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fy2srxq6b63y789gwd4bcpn84p8kg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvWESHOP_API_KEY
Primary envWESHOP_API_KEY

Comments