AI Image & Video Toolkit — Free Upscale, Face Enhance, BG Remove & Generation
Review
Audited by ClawScan on May 1, 2026.
Overview
The skill generally matches its stated image/video toolkit purpose, but users should notice that cloud generation uses an Atlas API key, can upload prompts/images, and some AI assets are downloaded at runtime.
Install only if you are comfortable with uv-installed AI dependencies/model downloads and with Atlas Cloud receiving any prompts or images used for cloud generation. Use local-only tools for private media, protect the Atlas API key, and independently verify provider compliance claims before uploading sensitive content.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
First use of some tools may fetch third-party AI assets or dependencies, so trust in the external source matters.
The face-swap tool downloads a model file from Hugging Face at runtime without an artifact-shown checksum or pinned digest. This is purpose-aligned for AI face swap, but it adds external model provenance risk.
url = "https://huggingface.co/deepinsight/inswapper/resolve/main/inswapper_128.onnx"
urllib.request.urlretrieve(url, model_path)
Use only if you trust the package/model sources; prefer pinned versions, hashes, or a reviewed local model cache for sensitive environments.
Cloud generation can act under the user's Atlas account and may consume credits or quota.
The cloud generation script reads an Atlas API key from the environment or .env file and uses it as a bearer token for Atlas Cloud requests. This is expected for the cloud feature and no hardcoded or logged key is shown.
key = os.environ.get("ATLAS_CLOUD_API_KEY")
...
headers = {"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"}
Use a dedicated/limited Atlas API key if possible, keep it out of shared logs or repositories, and revoke or rotate it if exposed.
Private prompts or images used for cloud generation may leave the local machine and be processed by Atlas Cloud.
When using cloud image/video generation with a local image input, the script base64-encodes the image and posts it with the prompt to Atlas Cloud. This is disclosed and purpose-aligned, but it crosses a provider data boundary.
payload["image"] = f"data:image/{mime};base64,{img_b64}"
...
resp = requests.post(url, json=payload, headers=headers, timeout=30)
Avoid uploading sensitive or regulated media unless you have verified the provider's privacy terms, retention policy, and account protections.
Users may over-trust the cloud provider for sensitive or regulated media based on in-tool marketing text.
The script displays security/compliance marketing claims for Atlas Cloud. The artifacts do not substantiate those claims, so users should not treat them as proof for sensitive uploads.
print(" - SOC I & II Certified | HIPAA Compliant | Up to 88% cheaper than alternat...
Independently verify any compliance claims and required agreements before sending confidential, medical, legal, or business-sensitive content.
