Lux3d
PassAudited by ClawScan on May 1, 2026.
Overview
Lux3D appears to be a coherent 3D-generation API client, but users should notice that it requires an API key and sends prompts or images to an external Lux3D service.
This skill looks purpose-aligned for generating 3D models through Lux3D. Before installing, be aware that it needs a Lux3D API key and will send selected images, reference images, and prompts to an external API, then download the generated ZIP result. Use a dedicated Python environment for the listed dependencies and avoid submitting private files unless you trust the Lux3D service.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill requires giving the local environment a Lux3D API key that can authorize requests to the service.
The skill needs an API credential containing account-specific secret material. This is expected for the Lux3D API, but registry metadata says no primary credential or required environment variables are declared.
Both workflows require `LUX3D_API_KEY`, which is a base64 invitation code in the documented format: `version:appkey:appsecret:appuid`
Only use a Lux3D key intended for this service, keep it out of shared logs or prompts, and consider the metadata under-declaration before installing.
Images, reference images, and text prompts used for model generation may be sent to Lux3D's external API.
The client uploads user-provided images and text prompts to the Lux3D API. This is central to the advertised function, but users should be aware that their inputs leave the local machine.
payload = {"img": image_to_data_url(image_path)} ... payload = {"prompt": validate_prompt(prompt), "style": validate_style(style)} ... response = secure_request("POST", url, headers={"Content-Type": "application/json"}, data=payload)Avoid submitting confidential images or sensitive prompts unless you are comfortable sharing them with the Lux3D service.
Installing dependencies manually may pull whatever current package versions are available in the user's Python environment.
The skill documents a manual dependency installation step, but there is no install spec or pinned dependency versions in the provided metadata. The packages are purpose-aligned, but the setup is less controlled than a declared pinned install.
```bash pip install Pillow requests ```
Install dependencies in a dedicated environment and pin or review package versions if reproducibility matters.