AI Girl & Character Generator
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a straightforward Media.io image-generation skill, but it uses your Media.io API key and sends the prompt and image URL to Media.io, which may consume credits.
Before installing, confirm you are comfortable giving the agent access to a Media.io API key and sending the supplied prompt and image URL to Media.io. Avoid private or unauthorized images, and monitor credit usage.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill can send your prompt and image URL to Media.io and may spend Media.io credits.
The skill instructs the agent to submit user-provided image URLs and prompts to Media.io to create generation tasks. This is aligned with the image-generation purpose, but it is still an external API action that may use account credits.
Call `character-generator-media-2.0` with `data.images`, `data.prompt`, and optional `data.ratio`.
Use it only when you intend to generate an image through Media.io, and avoid providing private or unauthorized image URLs.
The skill can act through the Media.io API using the configured key, including checking credits and submitting generation jobs.
The skill requires a Media.io API key to authenticate requests. This is expected for the service integration, and the artifact also says to avoid exposing raw API keys.
`MEDIAIO_API_KEY` | Yes | Media.io OpenAPI key, used in header `X-API-KEY`.
Provide only the intended Media.io API key, monitor usage, and rotate or revoke the key if you stop using the skill.