Trusted — Risk Score 5/100
Last scan: 17 hr ago
ai-image-generator
Asynchronous AI image and video generation skill that calls the AI Artist API to generate images or videos from text prompts
The skill is a legitimate AI image/video generator that makes authenticated API calls to staging.kocgo.vip for content generation. No malicious behavior, credential theft, or undeclared capabilities were found.
Skill Name: ai-image-generator
Duration: 38.0s
Engine: pi
Safe to install
No action needed. The skill is safe to use as documented.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | scripts/generate_image.py:23-24 BASE_URL and FEISHU_WEBHOOK_URL |
| Environment | READ | READ | ✓ Aligned | scripts/generate_image.py:25-27 reads AI_ARTIST_TOKEN and FEISHU_WEBHOOK_URL |
| Filesystem | WRITE | WRITE | ✓ Aligned | scripts/generate_image.py:68-83 download_image() saves to user-specified directo… |
| Shell | NONE | NONE | | No subprocess or shell execution found |
| Skill Invoke | NONE | NONE | | No skill_invoke usage detected |
| Clipboard | NONE | NONE | | No clipboard access |
| Browser | NONE | NONE | | No browser automation |
| Database | NONE | NONE | | No database access |
6 findings
| Severity | Type | URL | Location |
|---|---|---|---|
| Medium | External URL | https://staging.kocgo.vip/index | README.md:9 |
| Medium | External URL | https://open.feishu.cn/open-apis/bot/v2/hook/xxx | SKILL.md:340 |
| Medium | External URL | https://staging.kocgo.vip/stage-api/ai/AiArtistRecord | references/api.md:103 |
| Medium | External URL | https://staging.kocgo.vip/stage-api/ai/AiArtistImage/getInfoByArtistId/ | references/api.md:123 |
| Medium | External URL | https://your-cdn.com/image.png | references/feishu-integration.md:84 |
| Medium | External URL | https://staging.kocgo.vip/stage-api/ai | scripts/generate_image.py:22 |

File Tree

6 files · 43.6 KB · 1439 lines
Markdown 5f · 771L Python 1f · 668L
├─ 📁 references
│ ├─ 📝 api.md Markdown 125L · 3.0 KB
│ ├─ 📝 chat-integration.md Markdown 69L · 1.8 KB
│ └─ 📝 feishu-integration.md Markdown 159L · 4.2 KB
├─ 📁 scripts
│ └─ 🐍 generate_image.py Python 668L · 23.7 KB
├─ 📝 README.md Markdown 72L · 1.5 KB
└─ 📝 SKILL.md Markdown 346L · 9.4 KB

Dependencies 1 item

| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| requests | * | pip | No | Version not pinned but widely-used library |

Security Positives

✓ No shell execution or subprocess usage - only uses requests library for HTTP
✓ No credential theft or exfiltration - API key only sent to legitimate API endpoint
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No obfuscation techniques (base64 decode, eval, atob)
✓ No hidden functionality - all capabilities match documentation
✓ Safe file handling using pathlib with proper directory creation
✓ API key scoped to intended purpose (X-Api-Key header to kocgo.vip)
✓ Feishu webhook is optional and user-configured
✓ No remote code execution vectors detected