ClawHub

Seedream AI Image Generator

v1.0.2

Generate AI images using ByteDance Seedream via Media.io OpenAPI. Delivers high aesthetic quality and detailed rendering for text-to-image and image-to-image...

0· 96·0 current·0 all-time
by@wondershare-boop
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name, description, SKILL.md, API JSON, and the Python router all align: they call Media.io's openapi.media.io endpoints for Seedream image generation and task queries. The required capability (an API key for Media.io) is reasonable for the stated purpose.
Instruction Scope
Runtime instructions are limited to installing 'requests', loading the local API JSON, and calling Media.io endpoints. The Python code enforces a strict host check (openapi.media.io) and only sends provided params in a JSON body; it does not read unrelated system files or attempt outbound requests to arbitrary hosts. Prompts and image URLs are sent to Media.io as expected.
Install Mechanism
No install spec is present (instruction-only with bundled code). No remote downloads or archives; the only dependency is Python 'requests' installed by the user per SKILL.md. This is low-risk from an installer perspective.
!
Credentials
The skill and code require an API key (API_KEY) to contact Media.io, which is proportional to the functionality. However, registry metadata in the manifest incorrectly listed no required env vars while SKILL.md and the code both require API_KEY — a packaging inconsistency that should be resolved before trusting the skill. No other credentials are requested.
Persistence & Privilege
The skill is not marked 'always' and does not request elevated platform privileges or modify other skills. It does not persist extra credentials beyond using the provided API key at runtime.
Assessment
This skill appears coherent: it wraps Media.io's Seedream APIs and requires an API_KEY. Before installing, confirm the skill's origin (no homepage is provided and the publisher is 'Community Maintainer'), and prefer creating a scoped/limited Media.io API key for testing. Do not include any secrets inside prompts or reference-image URLs, because those values are sent to Media.io. Also ask the publisher/maintainer to fix the manifest mismatch (registry metadata should declare API_KEY as required). If you need higher assurance, compare the endpoints and request body format against Media.io's official docs or obtain the skill from a verified source.

Like a lobster shell, security has layers — review code before you run it.

latestvk976sb60b2043d279khhxhf00n834kd3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments