ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AI Hot Girl Image Generator – Create Realistic AI Beauty Images Online – API-powered

v1.0.0

AI hot girl image — transform a person photo into a bikini model image or video

0· 18·0 current·0 all-time
by@sparkleming
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The single required environment variable (WESHOP_API_KEY) and the documented endpoints (openapi.weshop.ai) align with the stated purpose of calling a third‑party image-generation API. However, the skill has no homepage/source provenance and no information about the API provider's privacy or content policies, which is notable for a tool that processes personal photos.
!
Instruction Scope
SKILL.md explicitly references uploading local images and transforming a person's photo into sexually suggestive outputs (default prompt: 'naturally undress... change the outfit into a thin bikini'). The instructions do not require or instruct the agent to verify consent, the subject's age, or that the user owns the image. This creates a realistic risk of processing sensitive personal data and generating non‑consensual or abusive deepfakes. The doc warns about API key scope (good) but gives no safeguards about input selection or retention of uploaded assets.
Install Mechanism
No install spec and no code files — instruction-only skill — so nothing is written to disk or fetched at install time. This minimizes supply-chain risk.
Credentials
Only one credential (WESHOP_API_KEY) is required and is the service's API key — this is proportionate and expected. The SKILL.md warns to only send the key to openapi.weshop.ai and to check the env var before asking the user, which is appropriate.
Persistence & Privilege
always:false and no install actions are requested; the skill does not request elevated persistence. The skill can be invoked autonomously (platform default), which combined with its ability to accept/upload images and the content scope, increases the potential blast radius if misused.
What to consider before installing
This skill appears functionally coherent with the declared WeShop API, but exercise caution before installing or using it. Key points: - Only use with images you own and where the subject has given explicit consent; avoid any images of minors. - The default prompt sexualizes the subject and could be used to create non‑consensual or abusive content — consider rejecting or sanitizing prompts and require explicit consent confirmation from the user. - Verify the API provider (openapi.weshop.ai) independently (privacy policy, data retention, acceptable use) before supplying your API key. Rotate the key if you suspect misuse. - Limit the agent's access to local files (or manually upload assets) to reduce accidental exfiltration of personal photos. - If you require stronger assurance, request more provenance from the skill author (homepage/source) and review provider policies or test in a controlled environment. Given the privacy and misuse risks, do not proceed without explicit safeguards and clear consent mechanisms.

Like a lobster shell, security has layers — review code before you run it.

latestvk974g45b4frwnnhwf0rawtwaxh84sbgr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvWESHOP_API_KEY
Primary envWESHOP_API_KEY

Comments