ClawHub

Professional AI Fashion Photo & Image Generator — CLI-powered

v1.0.1

Use this skill for image-editing and image-generation tasks via the weshop CLI — virtual try-on, model swap, background replace, pose change, canvas expand,...

1· 46·0 current·0 all-time
by@sparkleming
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: the SKILL.md tells the agent to use the weshop CLI for image generation/editing and declares WESHOP_API_KEY as the required credential. There are no unrelated env vars, binaries, or config paths requested.
Instruction Scope
Instructions stay within the advertised scope (run weshop commands, read WESHOP_API_KEY from environment, parse CLI output). The doc warns about API key handling. It does indicate that local file paths are auto-uploaded by the CLI — expected for an image service but relevant for user privacy and data-exfiltration considerations.
Install Mechanism
There is no formal install spec in the registry metadata, but SKILL.md recommends installing weshop-cli from npm (npm install -g weshop-cli@0.1.0) and links to a GitHub repo. Installing a global npm package is a common approach but carries the usual npm provenance risk; verify the package and repository before installing and prefer non-global or containerized installs when possible.
Credentials
Only one credential is required (WESHOP_API_KEY) and it is the primaryEnv. This is proportional to the stated functionality (calling the weshop API). The SKILL.md instructs the key be provided via environment variable rather than CLI args, which is appropriate.
Persistence & Privilege
Skill is instruction-only, has no install-time persistence, and does not request 'always: true'. Agent invocation settings are default; nothing in the skill attempts to modify other skills or system configuration.
Assessment
This skill appears coherent for using the weshop CLI, but take these precautions before installing or running it: - Verify the npm package and GitHub repository (weshop-cli) are legitimate and match the vendor (check maintainers, recent releases, and repo contents). Malicious or poorly maintained npm packages can run arbitrary code on install. - Prefer installing the CLI in an isolated environment (container, VM, or user-local install) instead of globally with sudo if you are unsure. - The CLI auto-uploads local image files to the WeShop service: do not upload sensitive images unless you accept that they will be transmitted to and stored/processed by openapi.weshop.ai. Review the vendor's privacy/data-retention policy. - Supply the API key via the WESHOP_API_KEY environment variable as recommended. Consider using a scoped or limited API key and rotate it if you suspect misuse. - If you want stronger assurance, inspect the CLI package source before installing and monitor outgoing network requests (confirm traffic goes to openapi.weshop.ai as claimed). If any of the above checks fail (unknown/absent repo, suspicious npm package contents, or unexpected network destinations), treat the package as untrusted and do not install or provide your API key.

Like a lobster shell, security has layers — review code before you run it.

latestvk9726b5mybf4c6c9apy800rgfn844nmh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvWESHOP_API_KEY
Primary envWESHOP_API_KEY

Comments