ClawHub

Grok Image API

v1.1.1

Work with OpenAI-compatible image generation and image editing endpoints. Use when the user wants to generate images from prompts, edit images with prompts a...

0· 268·1 current·1 all-time
by@xiaolozee
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill name and description match the included script and SKILL.md: it targets POST /v1/images/generations and /v1/images/edits and provides generate/edit/probe actions. One minor inconsistency: the registry metadata lists no required environment variables, but both SKILL.md and the script expect IMAGE_API_BASE_URL (or GROK_IMAGE_BASE_URL) and IMAGE_API_KEY (or GROK_IMAGE_API_KEY). Otherwise the requested capabilities are proportionate to the stated purpose.
Instruction Scope
The runtime instructions and script are scoped to calling the image endpoints, saving results locally, and (for edits) uploading user-provided image files. The skill reads only the API env vars, accepts file paths supplied by the user, writes output under output/grok-images/, and will download returned URLs by default. There are no instructions to read unrelated system files or to send data to endpoints outside the configured IMAGE_API_BASE_URL.
Install Mechanism
There is no install spec (instruction-only skill) and the bundled Python script uses only the standard library. Nothing is downloaded from external URLs or installed during skill setup, so installation risk is low.
Credentials
The script legitimately requires an API base URL and API key (IMAGE_API_BASE_URL / IMAGE_API_KEY or alternates) to talk to the image service. The proportionality is appropriate for the task. However, the registry metadata did not declare these required environment variables, which is an omission that could mislead users about what secrets the skill needs.
Persistence & Privilege
The skill does not request persistent or elevated platform privileges (always is false). It does not modify other skills or system-wide agent settings. Autonomous invocation is allowed (default) but not combined with other concerning behaviors.
Assessment
This skill appears to do what it says: a local Python helper to call image generation/edit APIs. Before installing or running it, ensure you: (1) only provide an API base URL and API key for a trusted image service (the script will read IMAGE_API_BASE_URL or GROK_IMAGE_BASE_URL and IMAGE_API_KEY or GROK_IMAGE_API_KEY); (2) are comfortable that editing will upload any local image path you supply to that external service; and (3) note the registry metadata omitted the required env vars — double-check SKILL.md and the script for the exact variable names. If in doubt, run the script in a sandbox or review the code (it's included and uses only the Python standard library).

Like a lobster shell, security has layers — review code before you run it.

grokvk973zpavswbv76ddmq2zkrdw8d82hxa1imagevk973zpavswbv76ddmq2zkrdw8d82hxa1latestvk973zpavswbv76ddmq2zkrdw8d82hxa1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments