ClawHub

social-card

v0.2.1

Generate social preview images (OG, Twitter, GitHub) with a fluent builder API. Single dependency — Pillow.

0· 320·1 current·1 all-time
by@vveerrgg
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the artifacts: SKILL.md documents a Pillow-based API for OG/Twitter/GitHub images, the example invokes SocialCard, and metadata lists Pillow as the dependency. Required binaries (pip) and the uv package install are proportional to installing a Python package.
Instruction Scope
The SKILL.md only instructs installing the package and using the library API; it does not direct the agent to read unrelated files, environment variables, or contact external endpoints at runtime. The example script simply renders a local image file.
Install Mechanism
Install uses an 'uv' package installer for package 'social-card' rather than a direct URL; this is reasonable for a registry install but you should confirm what 'uv' maps to in your environment and that the package comes from a trusted Python index/source. No download-from-IP or extract-from-arbitrary-URL patterns are present in the bundle.
Credentials
The skill declares no required environment variables or credentials and the code/instructions do not access secrets. Dependency on Pillow is appropriate for image generation.
Persistence & Privilege
The skill does not request always:true or any elevated persistence. It is user-invocable and allows normal autonomous invocation, which is expected for skills of this type.
Assessment
This package appears coherent and light-weight, but before installing: (1) confirm where the 'social-card' package will be fetched from (PyPI or your organization's registry) and verify the publisher/maintainer, (2) review the upstream package source on GitHub (the metadata points to Humanjava Enterprises) for unexpected network calls or telemetry, (3) if you run in a sensitive environment, install and test in a sandbox/virtualenv to ensure no unexpected side effects. If you need higher assurance, inspect the full package code published to the registry you will install from.

Like a lobster shell, security has layers — review code before you run it.

latestvk977rhyrh9kkr7059hyt3n1w6n8360w1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspip

Install

uvuv tool install social-card

Comments