ClawHub

Text to Image API

v1.0.2

Generate AI images from text descriptions using Media.io OpenAPI. Provide a text prompt and receive a high-quality AI-generated image. Supports multiple mode...

0· 98·0 current·0 all-time
by@wondershare-boop
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, README examples, JSON API manifest, and code all consistently target Media.io text-to-image endpoints. The only mismatch is registry metadata that lists no required env vars while SKILL.md (and the code) require an API_KEY; otherwise requested capabilities align with the stated purpose.
Instruction Scope
SKILL.md instructs the agent to set API_KEY, install the 'requests' package, and call Media.io endpoints. The instructions and included code only reference the shipped c_api_doc_detail.json and the API host; they do not instruct reading unrelated files or exfiltrating arbitrary data.
Install Mechanism
No install spec is provided (instruction-only), and SKILL.md recommends 'pip install requests' — a reasonable, low-risk dependency. No downloads from arbitrary URLs or archive extraction are present.
!
Credentials
Functionally the skill only needs a single Media.io API key (X-API-KEY), which is proportional. However, registry metadata shows 'required env vars: none' and 'primary credential: none' while SKILL.md and the code require API_KEY. This inconsistency should be resolved before trusting the skill.
Persistence & Privilege
The skill does not request persistent 'always' inclusion, does not modify other skills or system-wide settings, and does not declare config paths. It only reads the included JSON doc and an API_KEY from environment (or passed argument).
Assessment
This skill is internally consistent with a Media.io text-to-image integration, but do two quick checks before installing: (1) Confirm the SKILL.md requirement for API_KEY is accurate — the registry metadata currently omits it (likely an oversight). (2) Only provide a Media.io API key you control and trust; the key will be sent as X-API-KEY to https://openapi.media.io. If possible, use a key with limited scope/credits for testing. Review the included c_api_doc_detail.json to verify endpoints match Media.io documentation and monitor network usage when first using the skill. If you don't recognize the skill owner, treat the API key as sensitive and consider creating a dedicated test key rather than reusing a high-privilege/production key.

Like a lobster shell, security has layers — review code before you run it.

latestvk97aatbym7fat1qe185jzw0k8n8358jf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments