ClawHub

OpenClaw Selfie

v1.0.0

Generate identity-consistent selfies, group photos, and other SFW images for OpenClaw characters via the tuqu.ai API. Use when creating character portraits,...

0· 51·0 current·0 all-time
byAustin Zhou@zhouyi531
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (identity-consistent selfie generation via tuqu.ai) matches the included materials: SKILL.md, API notes, endpoint/workflow references, and a small Python helper that performs HTTP calls to photo.tuqu.ai and billing.tuqu.ai. Requiring python3 and per-request service keys is proportionate to this purpose.
Instruction Scope
SKILL.md instructs the agent to call the documented tuqu.ai endpoints and to pass a role-specific --service-key explicitly. It does not instruct the agent to read unrelated system state, environment secrets, or to transmit data to unexpected endpoints. It does allow supplying a --body-file for request bodies (which is expected for sending large JSON/image payloads) — the helper will read whatever file the caller points at, so callers should avoid pointing it at sensitive local files.
Install Mechanism
There is no install spec (instruction-only) and the only runtime dependency declared is python3. The included code is small, local, and uses urllib to call known hosts; there are no downloads from arbitrary URLs or archive extraction steps.
Credentials
The skill does not require environment secrets. It optionally honors TUQU_BASE_URL and TUQU_BILLING_BASE_URL for host overrides (documented). Auth is expected to be supplied explicitly per request via --service-key or in the JSON body; that is appropriate and reduces implicit env-secret use. There are no unrelated credential requests.
Persistence & Privilege
The skill does not request permanent presence (always:false). It does not attempt to modify other skills or system-wide configuration. Autonomous invocation (model invocation enabled) is the default platform behavior and is not combined with other concerning privileges here.
Assessment
This skill looks coherent for calling tuqu.ai from OpenClaw. Before installing: 1) Be prepared to supply a role-specific service key on each request (the helper intentionally avoids pulling a shared env secret). 2) When using --body-file be careful what file path you provide — the helper will read and send the file contents, so do not point it at local files that contain secrets. 3) Verify you trust the tuqu.ai hosts (photo.tuqu.ai and billing.tuqu.ai) and understand how your reference images will be transmitted/stored. 4) If you want stricter security, keep service keys short-lived or role-scoped and review payloads you send in tests (the repo includes unit tests that exercise the helper, which is a good sign).

Like a lobster shell, security has layers — review code before you run it.

latestvk97dfyd8wpaksymtrfqsb9zts583ssrs

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📸 Clawdis
OSLinux · macOS · Windows
Any binpython3

Comments