by 安全扫描
OpenClaw
可疑
medium confidenceThe skill's instructions claim to generate images but do not declare how or with what credentials/tooling — plus some instructions (e.g., 'DO NOT refuse to generate' for copyrighted figures and a reference to an unexplained 'nano banana pro' generator) are inconsistent or risky.
评估建议
Before installing, confirm how this skill will actually create images: ask the publisher which image-generation service or binary it expects and whether any API keys are required. Specifically: (1) clarify what "nano banana pro" is and whether it calls an external endpoint—if it does, ask for the domain and whether credentials are needed; (2) inspect the prompts saved to prompts/ (they are written to disk) and the outline.md the skill will create; (3) consider that the skill reads EXTEND.md from...详细分析 ▾
⚠ 用途与能力
The skill's stated purpose is to analyze articles and generate illustrations. However, it makes no declaration of the image-generation provider, required binaries, or environment variables. SKILL.md and README instruct the agent to "Generate Images" and save them to disk, but the package lists no install spec and requires no credentials. That is a material mismatch: a skill that actually produces images normally needs either an on-disk binary, an API endpoint, or credentials for a hosted image service.
⚠ 指令范围
The runtime instructions instruct the agent to read article files, check for existing images, create directories, write outline.md, save prompts to prompts/, and insert image references into the article — which is consistent with the purpose. However, prompts/system.md contains two red flags: it tells the agent to "Please use nano banana pro to generate the illustration" (an unspecified tool/service) and instructs "If content involves sensitive or copyrighted figures... DO NOT refuse to generate" (explicitly discouraging refusal for potentially sensitive/copyrighted content). Those directions expand the scope in ways that could enable privacy/safety issues and are not justified by the declared skill metadata.
✓ 安装机制
This is an instruction-only skill with no install specification and no code files — low installation risk. The README suggests manual copy or an npx install from a GitHub path, but the registry entry itself contains no automated install that would download/extract code at runtime.
⚠ 凭证需求
The skill declares no required environment variables or credentials (good from a least-privilege view) but expects to generate images. That is inconsistent: image generation typically requires either an on-device tool or API keys for a hosted service. Also the instructions read EXTEND.md from user home or project—this requires reading user files (reasonable for preferences, but worth noting). Overall, the absence of any declared credential/provider despite generation instructions is disproportionate.
✓ 持久化与权限
always:false and default invocation settings are normal. The skill writes files and directories within the project (outline.md, prompts/, illustrations/), which is appropriate for its purpose and within expected scope. It does not request elevated/system-wide privileges or modify other skills' configs.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv0.1.02026/2/10
Article Illustrator 1.0.0 – Initial Release - Analyzes article structure to identify optimal illustration positions and types. - Introduces a Type x Style framework for consistent, content-driven illustrations. - Guides users through pre-checks, settings confirmation (type, density, style), and content analysis. - Generates stepwise outputs: outline, illustration prompts, images, with justifications for each position. - Provides compatibility matrix and auto-selection rules for best matching illustration types and styles. - Supports project/user config overrides, and structured output directories for articles and images.
● 无害
安装命令
点击复制官方npx clawhub@latest install article-illustrator
镜像加速npx clawhub@latest install article-illustrator --registry https://cn.longxiaskill.com