Gemini Image Proxy
Pass
Audited by ClawScan on May 1, 2026.
Overview
The skill matches its stated image-generation purpose, but it requires an API key and sends prompts or input images to the configured proxy endpoint.
Before installing, make sure you trust the API endpoint in GOOGLE_PROXY_BASE_URL, use an appropriate API key, and install the openai package from a trusted source. Avoid using sensitive images or prompts unless you are comfortable sending them to that provider.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing an unpinned package can change behavior over time if the package version changes.
The setup instructions require installing the OpenAI Python SDK without a pinned version. This is expected for the skill, but it relies on the package source and current package version.
python3 -m pip install openai
Install from a trusted Python package source and consider pinning a known-good openai package version.
The configured API key may authorize usage or billing on the selected image service.
The script uses a user-provided API key and base URL to access the image API. This is necessary for the stated purpose and the code does not show hardcoding or logging of the key.
client = OpenAI(api_key=api_key, base_url=base_url)
Use a limited-purpose API key where possible and verify that GOOGLE_PROXY_BASE_URL is the intended trusted endpoint.
Private prompts or images may be sent to the endpoint configured in GOOGLE_PROXY_BASE_URL.
For edits, the script uploads the prompt and the selected input image to the configured API endpoint. This is purpose-aligned but creates an external data flow.
response = client.images.edits(
model=MODEL,
prompt=prompt,
image=image_file,
Only use trusted API endpoints and avoid submitting sensitive images unless you are comfortable with that provider receiving them.
