ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

使用火山引擎豆包模型生成图片。 通过火山引擎豆包图片生成 API 创建图片。支持自定义提示词、尺寸、模型等参数。 ## 环境变量 - VOLCENGINE_IMAGE_API_KEY - 豆包 API Key(必填) ## 使用方式 生图:一只可爱的小猫 ## 支持的尺寸 1024x1024, 1280x720, 720x1280, 1024x768, 768x1024

v1.0.1

使用火山引擎豆包模型生成图片。通过火山引擎豆包图片生成 API 创建图片。支持自定义提示词、尺寸、模型等参数。使用方式:生图:一只可爱的小猫。

0· 695·7 current·7 all-time
by@wanxing0724

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for wanxing0724/doubao-image.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "使用火山引擎豆包模型生成图片。  通过火山引擎豆包图片生成 API 创建图片。支持自定义提示词、尺寸、模型等参数。  ## 环境变量 - VOLCENGINE_IMAGE_API_KEY - 豆包 API Key(必填)  ## 使用方式 生图:一只可爱的小猫  ## 支持的尺寸 1024x1024, 1280x720, 720x1280, 1024x768, 768x1024" (wanxing0724/doubao-image) from ClawHub.
Skill page: https://clawhub.ai/wanxing0724/doubao-image
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install doubao-image

ClawHub CLI

Package manager switcher

npx clawhub@latest install doubao-image
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill name, SKILL.md, and scripts/generate.py all target Volcengine (豆包) image generation and require an API key — that is coherent. However, the registry metadata/requirements section claims no required env vars while SKILL.md and the script require VOLCENGINE_IMAGE_API_KEY; the package also does not declare a primary credential even though one is used. This mismatch between declared requirements and actual code is an inconsistency.
Instruction Scope
SKILL.md and scripts/generate.py limit behavior to calling the Doubao image generation API, handling responses, and saving images locally. The instructions do not attempt to read unrelated system files or other environment variables. Error handling is local and reports API responses to the user.
Install Mechanism
This is an instruction-plus-script skill with no install spec; nothing is downloaded or installed at runtime by the skill bundle itself. That keeps install risk low.
!
Credentials
The script requires a single API key (VOLCENGINE_IMAGE_API_KEY), which is appropriate for the stated purpose. However, the skill metadata incorrectly lists no required env vars/primary credential—this inconsistency could mislead users about what credentials are needed. No other credentials are requested.
Persistence & Privilege
The skill is not always-enabled and is user-invocable (normal). It does write files locally into a hardcoded path (C:/Users/zcf/.openclaw/workspace/downloads/images) which is user-specific and potentially inappropriate on other systems; this is a scope/design issue rather than an elevated privilege request.
What to consider before installing
The code itself matches the stated purpose (calling Volcengine's Doubao image API) and only needs your VOLCENGINE_IMAGE_API_KEY. Before installing, note three issues: (1) the package metadata incorrectly says no env var is required while the script requires VOLCENGINE_IMAGE_API_KEY — ensure you are comfortable providing that key and that the skill metadata is corrected; (2) the script writes images to a hardcoded Windows path (C:/Users/zcf/...), including a specific username — change this to a safe, configurable output directory (or confirm it will work on your system) to avoid unexpected file writes or failures; (3) there's a minor bug in the Authorization header format (uses 'Bearer; <key>') which may break requests — you may want to inspect or fix the header to 'Bearer <key>'. Recommended actions: run the script with a non-production or limited API key first, review and update the save path to a directory you control, and confirm the metadata is updated so required credentials are declared. These inconsistencies look like sloppy configuration rather than malicious intent, but fix them before trusting it with production credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cs2gnh4wrxjbnpbgxgvr7w182t7sb
695downloads
0stars
2versions
Updated 16h ago
v1.0.1
MIT-0
@wanxing0724
latest
Download

doubao-image - 豆包图片生成

使用火山引擎豆包模型生成图片。

简介

通过火山引擎豆包图片生成 API 创建图片。支持自定义提示词、尺寸、模型等参数。

环境变量

  • VOLCENGINE_IMAGE_API_KEY - 豆包 API Key(必填)

获取方式

  1. 登录火山引擎控制台 https://console.volces.com/
  2. 进入「应用与插件」或「API Key 管理」
  3. 创建或复制 API Key

使用方式

生图:一只可爱的小猫

可选参数

参数说明默认值
尺寸图片尺寸1024x1024
模型使用的模型doubao-seedream-4-0-250828
数量生成数量1

支持的尺寸

  • 1024x1024 (默认)
  • 1280x720
  • 720x1280
  • 1024x768
  • 768x1024

输出

图片自动保存到 downloads/images/ 目录。

重要说明

  • 每个用户需要自己的 API Key:使用时从环境变量 VOLCENGINE_IMAGE_API_KEY 读取
  • 环境变量需要在系统或终端中预先配置

错误处理

  • 如果环境变量未设置,会提示用户设置
  • 如果 API 返回错误,会显示具体错误信息

Comments

Loading comments...