!
Purpose & Capability
The declared purpose (generate Unreal Engine material node graphs) matches the SKILL.md content describing project files and node types. However, the skill embeds an external model API (api.minimaxi.com) and a hardcoded API key directly in SKILL.md while the registry metadata lists no required credentials — that is disproportionate and inconsistent.
!
Instruction Scope
Runtime instructions direct the agent to use a remote API, and they provide an example App URL and sample JSON. User-provided material descriptions, and possibly project content, would therefore be sent to an external service (minimaxi) that is not declared in metadata; SKILL.md does not limit or explain what data is transmitted.
✓
Install Mechanism
This is an instruction-only skill with no install spec or code files to be written to disk, which minimizes installation risk.
!
Credentials
No required environment variables are declared, yet a sensitive-looking API key is embedded in SKILL.md. The hardcoded key is a secret (pattern 'sk-...'), and embedding it without declaring or explaining it is disproportionate and risky: it exposes credentials and hides external trust boundaries.
✓
Persistence & Privilege
The skill does not request persistent/always-on privileges and is user-invocable only. There is no indication it modifies other skills or system-wide settings.
What to consider before installing
Do not install this skill without addressing the external API and the hardcoded key. Specific steps to consider:
- The SKILL.md embeds an API base (api.minimaxi.com), an App URL, and a hardcoded API key; this means your prompts and possibly project data would be sent to that third party. Only proceed if you trust that endpoint and its privacy/security practices.
- Ask the publisher to remove the hardcoded key and require a declared environment variable (e.g., MINIMAXI_API_KEY) so you can supply your own credential; never use the embedded key.
- Verify who operates minimaxi.com and the App domain (k2lucelsen19.space.minimaxi.com). If you cannot verify ownership, avoid sending proprietary assets or code to it.
- Prefer skills that declare required credentials in metadata and document what data is transmitted. If you already pasted sensitive material while testing, rotate any credentials that may have been exposed.
- If you need this functionality but want safer operation, request an updated skill that uses a user-supplied API key (declared in requires.env) and documents exactly what is posted to the remote API.