Openai Image Gen
PassAudited by ClawScan on May 1, 2026.
Overview
The skill coherently generates OpenAI images and a local gallery, but users should notice its API-key use, configurable API endpoint, limited provenance, and unescaped prompt text in the generated HTML.
Before installing or running, verify the script, set OPENAI_API_KEY only in a trusted environment, confirm OPENAI_BASE_URL/OPENAI_API_BASE are unset or trusted, expect OpenAI API billing, and be cautious opening the generated index.html if prompts came from untrusted text.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill can use your OpenAI account and API credits; exposing the key would let others use that account authority.
The script uses an OpenAI API key as bearer authentication. This is expected for the stated OpenAI Images API purpose, but it is account authority and may incur API charges.
p.add_argument("--api-key", default=None)
...
api_key = args.api_key or os.environ.get("OPENAI_API_KEY")
...
"Authorization": f"Bearer {api_key}",Use a restricted or easily rotatable OpenAI API key, prefer the OPENAI_API_KEY environment variable over command-line --api-key, and ensure the registry metadata clearly declares the credential requirement.
If OPENAI_BASE_URL or OPENAI_API_BASE points to an untrusted server, your prompt text and API key could be sent there.
The API destination can be changed by environment variables. The default is OpenAI, but if these variables are set, prompts and the bearer credential are sent to that configured endpoint.
base = (
os.environ.get("OPENAI_BASE_URL")
or os.environ.get("OPENAI_API_BASE")
or "https://api.openai.com"
).rstrip("/")Before running, check or unset OPENAI_BASE_URL and OPENAI_API_BASE unless you intentionally use a trusted OpenAI-compatible proxy.
A malicious prompt containing HTML or JavaScript could affect the local gallery page when opened.
User-supplied prompt text is inserted into index.html without HTML escaping. Default random prompts are plain text, but copied or supplied markup could be interpreted by the browser when the gallery is opened.
p.add_argument("--prompt", action="append", default=None, help="repeatable; overrides random prompts")
...
html.append(f"<pre>{it['prompt']}</pre>")Escape prompt text before writing HTML, for example with html.escape, and avoid using untrusted HTML-like prompt text until that is fixed.
You must rely on the provided artifact and registry owner identity rather than an independently verifiable upstream project page.
The artifacts do not provide an upstream source or homepage for provenance. This is not suspicious by itself because the included script is visible and has no package install step, but it limits trust context.
Source: unknown Homepage: none
Review the included script before use and prefer a version with a documented source repository or signed release if available.