falimagegen
v1.0.0Call fal.ai model APIs for image generation (text-to-image and image-to-image). Use when a user asks to integrate fal, construct requests, run jobs, handle auth, or return image URLs from fal model APIs.
⭐ 1· 1.5k·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name and description describe Fal image-generation calls and all guidance/examples are about constructing requests to Fal model endpoints — purpose and capability align. However, examples and docs repeatedly reference an API key (FAL_KEY / Authorization header) even though the registry metadata declares no required credentials; that mismatch should be fixed.
Instruction Scope
SKILL.md stays on-topic: it instructs the agent to resolve model IDs, validate inputs, build SDK/REST requests, execute them, and return image URLs. It does not instruct reading unrelated system files, other credentials, or contacting unexpected endpoints. It does include notes about uploading image bytes (storage.upload) which implies handling user-supplied images but remains within the image-generation scope.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk by an installer and there is no external package download to evaluate.
Credentials
Examples and references use environment variables (e.g., FAL_KEY / process.env.FAL_KEY, Authorization: Key $FAL_KEY) but the skill metadata lists no required env vars or primary credential. This is an inconsistency: the skill will need an API key to function, so the absence of declared credential requirements reduces transparency about what secrets the agent will need and where they'd be stored/provided.
Persistence & Privilege
No elevated persistence requested (always: false). The skill does not request system config paths or modify other skills. Autonomous invocation is allowed but that is the platform default and not by itself a red flag.
What to consider before installing
This skill appears to be what it says: guidance for calling Fal image-generation APIs and returning image URLs. The main issue is metadata transparency: the SKILL.md and example files reference an API key (FAL_KEY) and SDK storage upload, but the skill registry entry does not declare any required environment variables or primary credential. Before installing or enabling this skill: 1) insist the publisher declare the required credential (e.g., FAL_KEY) in requires.env and set primaryEnv appropriately so you know where the key will be read from; 2) avoid pasting API keys into chat — supply keys via secure agent configuration only; 3) be careful about uploading private images (the skill's examples call fal.storage.upload — that will send image bytes to Fal's storage); 4) verify the endpoints/domains in the references (queue.fal.run, fal.run, ws.fal.run) are the official endpoints you expect; and 5) if you need stronger assurance, ask the publisher for a version that explicitly documents required env vars, expected request/response shapes, and any retry/timeout behavior. The skill is coherent with its purpose but the missing credential declaration is a meaningful omission to fix.Like a lobster shell, security has layers — review code before you run it.
latestvk974e7p1axfpdzzh8ww56kj0ks80jw9d
License
MIT-0
Free to use, modify, and redistribute. No attribution required.