ClawHub

AI Image Check

Detect whether an image was generated by AI (e.g. Midjourney, DALL-E, Stable Diffusion) using the Scam.ai API. Guides the user through API key setup if neede...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 75 · 0 current installs · 0 all-time installs
by@yuchennnnnnn
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (AI image detection via Scam.ai) matches the runtime instructions: the skill reads an API key, uploads an image to Scam.ai, and returns a verdict. One minor inconsistency: the registry metadata declares no required config paths, yet the SKILL.md explicitly reads/writes ~/.scamai_genai_key and ~/.scamai_universal_key.
Instruction Scope
The instructions are narrowly scoped to: (1) locate or ask for a Scam.ai key, (2) save it to a home file, (3) validate an image path, and (4) POST the image to Scam.ai. There is no instruction to read other files or access unrelated credentials. The skill will transmit the image file and the API key to https://api.scam.ai as required for the service.
Install Mechanism
This is an instruction-only skill with no install step and no code files — lowest-risk install mechanism. It relies on the agent having a shell (Bash) and curl available, which is expected from the SKILL.md but not declared in metadata.
Credentials
No environment variables or external credentials are declared in the registry metadata, but the runtime instructions explicitly read and write two specific files in the user's home (~/.scamai_genai_key and ~/.scamai_universal_key). Those files are proportional to the stated purpose (API key storage) but the omission from metadata is an inconsistency worth noting. No unrelated credentials are requested.
Persistence & Privilege
The skill persistently writes the user's API key to files in the home directory (with recommended chmod 600). It does not request elevated privileges, modify other skills, or set always:true. Persisting a key to disk is expected for convenience but is a persistent change the user should be aware of.
Assessment
This skill appears to do what it says, but review these points before installing/using it: - Privacy: any image you check will be uploaded to https://api.scam.ai. Do not upload sensitive images you cannot share with that service. - API key persistence: the skill saves whatever API key you provide to ~/.scamai_genai_key or ~/.scamai_universal_key (it suggests chmod 600). If you prefer not to persist a key, do not paste it when prompted and instead provide the key temporarily each run, or remove the file after use. - Metadata mismatch: the registry did not declare the config paths, even though the SKILL.md uses them; confirm you are comfortable with the skill reading/writing those files. - Shell/network access: the skill assumes the agent can run Bash and curl; ensure your environment's shell/network policies are acceptable. - Trust the vendor: this forwards data to Scam.ai; verify you trust that service and review its privacy/tos. If you need tighter control, consider running an alternative detection method locally or using an API key with limited scope or billing limits. If any of the above concerns are unacceptable, do not install or run the skill.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.3
Download zip
latestvk97at7zj0t9q7efqzbnvfkvwh583yrf7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

AI-Generated Image Detection

You help users determine whether an image was created by a generative AI tool (e.g. Midjourney, DALL-E, Stable Diffusion, Firefly) using the Scam.ai API.

Step 1 — API Key Setup

Use the Bash tool to find an available API key, checking in this order:

cat ~/.scamai_genai_key 2>/dev/null

cat ~/.scamai_universal_key 2>/dev/null
  • If ~/.scamai_genai_key has content → use it.
  • Else if ~/.scamai_universal_key has content → use it.
  • If neither exists, ask the user:

Do you already have a Scam.ai API key?

  • Yes, I have a Gen AI Detection key — paste it here.
  • Yes, I have a Universal key — paste it here (works for all services).
  • No — follow these steps to get one:
    1. Go to https://scam.ai and click Sign Up (or Log In)
    2. In the left sidebar, scroll to the bottom → Manage account → Developers
    3. Click + Create API Key in the top right
    4. Under Service Type, choose:
      • Gen AI Detection — for this skill only
      • Universal Key — one key for all Scam.ai services (recommended if you plan to use multiple skills)
    5. Give it a name, create it, copy the key, and paste it here

Once the user provides the key, save it to the matching file:

  • Gen AI Detection key → ~/.scamai_genai_key
  • Universal key → ~/.scamai_universal_key
echo -n "THEIR_API_KEY" > ~/.scamai_genai_key && chmod 600 ~/.scamai_genai_key
# or for universal:
echo -n "THEIR_API_KEY" > ~/.scamai_universal_key && chmod 600 ~/.scamai_universal_key

Confirm: "API key saved! You won't need to enter it again."

Note: A DeepFake Detection key will not work here — it is a different service type.

Step 2 — Get the Image to Analyze

If the user didn't pass $ARGUMENTS, ask:

Please provide the path to the image (.jpg, .jpeg, .png, .webp, .bmp) you want to check.

Expand ~ in paths if needed. Confirm the file exists before proceeding. Only image files are supported by this endpoint (not videos).

Step 3 — Run Detection

Use whichever key was found in Step 1. Resolve it first:

API_KEY=$(cat ~/.scamai_genai_key 2>/dev/null || cat ~/.scamai_universal_key 2>/dev/null)

Then run:

curl -s -X POST "https://api.scam.ai/api/defence/ai-image-detection/detect-file" \
  -H "x-api-key: $API_KEY" \
  -F "file=@PATH_TO_FILE"

Show a brief "Analyzing image, please wait…" message before running.

Step 4 — Interpret and Present Results

Parse the JSON response and present a single line:

Verdict: [AI-Generated / Real / Uncertain] — [X]% confidence

Example: Verdict: AI-Generated — 97.8% confidence

Do not show any other fields. If the user wants more details, they can ask.

If the API returns an error:

  • 401 Unauthorized → "Your API key appears to be invalid or expired. Run /genai-image-detection again to update it."
  • 429 Too Many Requests → "You've hit the Scam.ai rate limit. Please wait a moment and try again."
  • 415 Unsupported Media Type → "This file type isn't supported. Please use a .jpg, .jpeg, .png, or .webp image."
  • Any other error → show the raw error message and suggest checking https://scam.ai/docs

Step 5 — Wrap Up

After presenting the results, ask:

Would you like to analyze another image, or are you done?

  • Another image → go back to Step 2.
  • Done → reply with:

Thanks for using the AI-Generated Image Detection skill! Stay sharp. Follow Scam.ai for the latest in AI-powered fraud and deepfake protection: https://scam.ai

Notes

  • The stored key is at ~/.scamai_genai_key (mode 600, readable only by you).
  • This key is separate from the DeepFake Detection key (~/.scamai_deepfake_key) — each service requires its own key type.
  • To update your key, just run /genai-image-detection again and say "No" when asked if you have a key, or manually delete ~/.scamai_genai_key.
  • This endpoint detects AI-generated images only. To detect face swaps and deepfake videos, use /deepfake-detection instead.
  • Scam.ai free-tier limits may apply; check your dashboard at https://scam.ai for usage.

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…