Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent instruction-only image-generation skill; its main risk is the expected use of user-provided image service API keys.

This skill appears safe to use if you are comfortable providing an image-generation API key. Use a limited or easily revocable key if possible, configure only the provider you want, and be aware that prompts may be sent to the selected external image service.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill may consume quota or incur charges on the configured image-generation provider account.

Why it was flagged

The skill expects user-supplied provider API keys. These keys can grant access to paid image-generation accounts, but their use is disclosed and directly related to the stated purpose.

Skill content

Users need to configure their own API key (MINIMAX_API_KEY, OPENAI_API_KEY, etc.)

Recommendation

Set only the provider key you intend to use, prefer limited or revocable keys when available, monitor provider usage, and remove keys when no longer needed.

What this means

Prompts may be sent to the first available provider in the documented priority order rather than a provider chosen explicitly each time.

Why it was flagged

If multiple API keys are present, the skill says it will automatically choose a provider in a fixed priority order. This is disclosed and purpose-aligned, but users should be aware of which provider receives prompts and charges.

Skill content

The skill automatically selects an available model based on the API keys the user has configured. Priority order: MiniMax > OpenAI > Stability.

Recommendation

If provider choice matters for privacy, quality, or cost, configure only the desired provider key or explicitly ask which provider should be used.