ai-image-generator Security Report — Trusted | ClawSafe

5 /100

ai-image-generator

AI图片与视频异步生成技能，调用AI Artist API根据文本提示词生成图片或视频

Legitimate AI image/video generation skill that safely wraps an external API with no malicious behavior detected.

Skill Nameai-image-generator

Duration30.1s

Enginepi

✓

Safe to install

This skill is safe to use. No security concerns identified.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ`	`READ`	✓ Aligned	Only reads user-provided files for upload and writes generated images to specifi…
Network	`READ`	`READ`	✓ Aligned	All network requests are to documented API endpoints (staging.kocgo.vip)
Shell	`NONE`	`NONE`	—	No subprocess, os.system, or shell execution found
Environment	`READ`	`READ`	✓ Aligned	Reads AI_ARTIST_TOKEN and FEISHU_WEBHOOK_URL for legitimate API authentication

8 findings

🔗

Medium External URL 外部 URL

https://staging.kocgo.vip/index

README.md:9

🔗

Medium External URL 外部 URL

https://staging.kocgo.vip/stage-api/system/fileUpload/upload

SKILL.md:64

🔗

Medium External URL 外部 URL

https://kocgo-ai-sales-test.oss-cn-hangzhou.aliyuncs.com/material/100/xxx.png

SKILL.md:75

🔗

Medium External URL 外部 URL

https://open.feishu.cn/open-apis/bot/v2/hook/xxx

SKILL.md:515

🔗

Medium External URL 外部 URL

https://staging.kocgo.vip/stage-api/ai/AiArtistRecord

references/api.md:103

🔗

Medium External URL 外部 URL

https://staging.kocgo.vip/stage-api/ai/AiArtistImage/getInfoByArtistId/

references/api.md:123

🔗

Medium External URL 外部 URL

https://your-cdn.com/image.png

references/feishu-integration.md:84

🔗

Medium External URL 外部 URL

https://staging.kocgo.vip/stage-api/ai

scripts/generate_image.py:25

File Tree

7 files · 62.6 KB · 1959 lines

Python 1f · 1008L Markdown 5f · 946L JSON 1f · 5L

├─ ▾ 📁 references

│ ├─ 📝 api.md Markdown 125L · 3.0 KB

│ ├─ 📝 chat-integration.md Markdown 69L · 1.8 KB

│ └─ 📝 feishu-integration.md Markdown 159L · 4.2 KB

├─ ▾ 📁 scripts

│ └─ 🐍 generate_image.py Python 1008L · 36.3 KB

├─ 📋 _meta.json JSON 5L · 148 B

├─ 📝 README.md Markdown 72L · 1.5 KB

└─ 📝 SKILL.md Markdown 521L · 15.7 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`requests`	`*`	pip	No	No version pinning but requests is a widely-used stable library

Security Positives

✓ Clean, readable Python code with no obfuscation

✓ Comprehensive documentation matches implementation

✓ No shell execution or command injection vulnerabilities

✓ API key only used locally for authentication to the external service

✓ File operations limited to user-specified paths for reference image upload and output

✓ All network requests go to clearly documented API endpoints

✓ No credential harvesting beyond the user's own API key

✓ No sensitive path access (no ~/.ssh, ~/.aws, or .env file reading)

✓ Optional Feishu webhook notification is clearly documented and user-controlled

Scan Report

File Tree

Dependencies 1 items

Security Positives