ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

dmxapi-image-generation

v1.0.0

使用 MiniMax (image-01) 和其他模型生成图片。支持文生图、图片编辑。当用户需要生成图片、AI绘图时使用此技能。使用方法:用户需要配置 MINIMAX_API_KEY 环境变量。

0· 43·1 current·1 all-time
by@xiaoliang1319-cloud
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md describes an image-generation skill that uses MiniMax (model image-01) and explicitly states the user must provide a MINIMAX_API_KEY. That requirement is reasonable for the stated purpose, but the published skill metadata lists no required environment variables or primary credential — an incoherence between claimed purpose and declared requirements.
Instruction Scope
The instructions are narrowly scoped: they show a single HTTPS POST to api.minimaxi.com/v1/image_generation with model, prompt, aspect_ratio, and base64 response. They do not tell the agent to read unrelated files, other env vars, or exfiltrate data to third parties beyond the documented API host.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk and no third-party packages are pulled in at install time.
!
Credentials
The skill logically requires a single API key (MINIMAX_API_KEY) which is proportionate for an API-based image generator. However, the skill registry metadata does not declare any required env vars or primary credential — that omission is suspicious and could lead to mistakes (e.g., users pasting keys into chat). The SKILL.md also suggests a key format ('sk-cp-xxx'), which should be verified with the provider.
Persistence & Privilege
The skill does not request persistent presence (always: false) and uses the default model-invocation behavior. It does not claim to modify other skills or system-wide settings.
What to consider before installing
This skill appears to be a simple MiniMax image-generation wrapper, but there are two things to check before installing: (1) The SKILL.md says you must set MINIMAX_API_KEY, yet the registry metadata declares no required env vars — confirm with the publisher how the key should be provided (and avoid pasting secrets into chat). (2) The skill's source and homepage are unknown and the API host is api.minimaxi.com; verify the service's legitimacy, documentation, billing, and privacy policy before sending any sensitive prompts or images. If you proceed, store the API key in a secure environment variable, limit the key's permissions if possible, and avoid using the skill for confidential content until provenance is confirmed.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c9xhhagqhm2xv1x8s2p1r9n83s431

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

MiniMax Image Generation Skill

功能

  • 文生图 - 根据文本描述生成图片
  • 支持多种尺寸和比例

使用前提

用户需要:

  1. MiniMax API Key(sk-cp-xxx 格式)
  2. 确保套餐包含图片生成功能

API 用法

const https = require('https');

const apiKey = 'YOUR_MINIMAX_API_KEY';

const body = JSON.stringify({
  model: 'image-01',
  prompt: '描述内容',
  aspect_ratio: '1:1',
  response_format: 'base64'
});

const options = {
  hostname: 'api.minimaxi.com',
  path: '/v1/image_generation',
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': `Bearer ${apiKey}`
  }
};

示例

生成小龙虾头像:

  • model: image-01
  • prompt: cute cartoon lobster mascot, kawaii style, orange color, big eyes
  • aspect_ratio: 1:1

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…