📦 Ai Image Gen Skill — AI生图

v1.0.0

调用Gemini模型，一句话或一张图即可生成高质量图片，支持文生图与图生图双模式，快速满足创作、设计、营销等多场景视觉需求。

0· 133·0 当前·0 累计

by @dongrebeccahhh-boop

AI模型访问生产力工具自动化云服务

下载技能包

最后更新

2026/4/2

安全扫描

VirusTotal

可疑

查看报告

OpenClaw

可疑

high confidence

The skill's runtime instructions reference an external script and an undeclared GEMINI_API_KEY, which is inconsistent with the declared metadata and may cause the agent to execute code not included with the skill.

评估建议

Do not install or run this skill as-is. Key issues: SKILL.md instructs running an external script at /usr/lib/node_modules/openclaw/skills/nano-banana-pro/scripts/generate_image.py that is not included, and it requires GEMINI_API_KEY even though metadata lists no env vars. Before proceeding, ask the author for: (1) the actual code or an install spec that creates the referenced script path, (2) an explanation why the skill points to 'nano-banana-pro' instead of its own files, and (3) updated meta...

详细分析 ▾

⚠ 用途与能力

The skill claims 'AI图片生成' with Gemini, which fits needing a GEMINI_API_KEY, but the SKILL.md points to /usr/lib/node_modules/openclaw/skills/nano-banana-pro/scripts/generate_image.py — a script that is not part of this skill package and is from a differently named skill (nano-banana-pro). The external dependency is not declared in metadata.

⚠ 指令范围

Instructions tell the agent to run an absolute path to a local Python script (via 'uv run') and to read reference image files; they also state a required GEMINI_API_KEY. The metadata declares no env vars and no code files. The instructions therefore ask the agent to execute and access resources outside the skill's own bundle and to use an undeclared secret.

⚠ 安装机制

There is no install spec (instruction-only), which is normally low risk — but here the instructions rely on a specific script path under /usr/lib/node_modules/... that this skill did not install. That could cause execution of arbitrary local code if the referenced script exists and is malicious or unexpected.

⚠ 凭证需求

SKILL.md says '需要 GEMINI_API_KEY' but the skill metadata lists no required env vars or primary credential. Requesting an API key for Gemini is reasonable for an image generation skill, but the omission from declared requirements is an incoherence that prevents informed permissioning and review.

✓ 持久化与权限

The skill is not always-enabled and uses normal autonomous invocation defaults. It does not request persistent system-wide privileges in the metadata.

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.02026/4/2

ai-image-gen-skill 1.0.0 初始发布 - 新增AI图片生成能力，支持文本生成图片（文生图）和图片参考生成图片（图生图/风格迁移） - 支持中文和英文通过prompt描述图片内容 - 提供分辨率选项：1K和2K - 需配置 GEMINI_API_KEY 环境变量 - 提供详细命令行参数说明和多场景使用示例

● 可疑

安装命令

点击复制

官方npx clawhub@latest install ai-image-gen-skill

镜像加速npx clawhub@latest install ai-image-gen-skill --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库