ClawHub

Chibi Gen Skill

v2.0.1

Generate chibi character generator ai images with AI via the Neta AI image generation API (free trial at neta.art/open).

0· 113·0 current·0 all-time
by@tomcarranzaem
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description claim image generation via the Neta API and the code (chibigen.js), README, and SKILL.md all call the same API endpoints (api.talesofai.com). This is coherent. Note: registry metadata at the top stated 'Required env vars: none' while package.json and SKILL.md require NETA_TOKEN — a minor metadata mismatch.
Instruction Scope
SKILL.md instructs running the included Node script with a Neta token and optional flags; the script only sends the prompt, size, and optional reference UUID to the image API and polls for the result. It does not read local secrets, shell history, or unrelated system files.
Install Mechanism
There is no download-from-arbitrary-URL install step; package.json and README reference adding the skill via npx/clawhub. The repo includes the runnable JS file. No suspicious installers or remote code downloads are present.
Credentials
The skill requires a single service credential (NETA_TOKEN) which is appropriate for an API-based image generator. However, the registry summary omitted this requirement while package.json and docs declare it — users should be aware the token is required and will be sent to api.talesofai.com.
Persistence & Privilege
Skill does not request permanent/always-on presence; defaults allow user invocation and autonomous invocation (platform default). It does not modify other skills or system configuration.
Assessment
This skill appears to do what it says: it sends your prompt and a single NETA_TOKEN to api.talesofai.com and prints back an image URL. Before installing: (1) Confirm you trust the Neta/TalesOfAI service and the domain api.talesofai.com; (2) Treat your NETA_TOKEN like any API secret — don't reuse a high-privilege token or share it publicly; (3) Note the registry metadata omitted the required env var — expect to provide NETA_TOKEN via --token or environment; (4) If you need extra assurance, review chibigen.js locally (it is short and readable) to verify no other data is collected; (5) If you are concerned about leakage of prompts, remember prompts are sent to the third-party API as part of normal operation.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b5ax95z76w7ks034dfpr89583phhp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments