ClawHub

AI Girl & Character Generator

v1.0.0

Generate AI images of girls, characters, and fictional personas using Media.io OpenAPI. Creates detailed, stylized character portraits in various styles. AI...

0· 89·0 current·0 all-time
by@wondershare-boop
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the declared requirements: the skill calls Media.io endpoints, requires MEDIAIO_API_KEY and curl, and documents the async generation flow. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md stays within scope: it only describes calling Media.io endpoints (credits, create task, poll results) and validating prompt/image URL. Note: the API expects publicly reachable image URLs, so supplying private/internal URLs may cause the service to fetch those resources (SSRF/privacy risk). The docs also instruct not to log API keys.
Install Mechanism
Instruction-only skill with no install spec or code files — lowest-risk installation model. It relies on curl being present, which is reasonable for the provided cURL examples.
Credentials
Only one environment variable is required (MEDIAIO_API_KEY) and it is the primary credential used in the X-API-KEY header. This is proportionate for a service that authenticates via API key.
Persistence & Privilege
The skill is not always-enabled and does not request elevated persistence or modify other skills or system settings. Autonomous invocation is allowed by default (normal for skills) but not excessive here.
Assessment
This skill appears internally consistent, but before installing consider: 1) Use a dedicated Media.io API key with limited billing/permissions (do not reuse high-privilege keys). 2) Do not provide private/internal image URLs — Media.io will fetch supplied URLs and that can leak internal resources. 3) Be mindful of content policy risks (the skill advertises generating images of “girls” — avoid requests that could involve minors or prohibited sexual content). 4) Avoid exposing the API key in logs or responses and monitor credit usage to prevent unexpected charges. 5) Verify the Media.io endpoints and your account settings on the official docs/homepage before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk979jnsgbc1tabccgtw72ew0x98376v9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binscurl
EnvMEDIAIO_API_KEY
Primary envMEDIAIO_API_KEY

Comments