📦 TS Images — 图生图与文生图

v1.0.0

基于 OpenAI 风格通用图生图与 Gemini generateContent 文生图能力，支持异步出图，快速调用 Gemini 图像模型完成高质量图像生成。

0· 141·0 当前·0 累计

by @wangshengli0421 (tianshu)

AI模型访问 API工具

下载技能包

最后更新

2026/3/21

安全扫描

VirusTotal

无害

查看报告

OpenClaw

安全

high confidence

NULL

评估建议

This skill appears to be a straightforward client that forwards image-generation requests to endpoints defined in AIZNT_PROXY_URLS, authenticated with TS_TOKEN. Before installing: verify the origin of the TS_TOKEN and the contents of AIZNT_PROXY_URLS (ensure endpoints are official/trusted domains), avoid passing sensitive local files via --body-file unless you intend to upload them, and be aware that if the agent invokes this skill autonomously it can send prompts/files to the configured endpoin...

详细分析 ▾

✓ 用途与能力

Name/description (image generation, Gemini generateContent) match the required secret (TS_TOKEN) and AIZNT_PROXY_URLS which provide the service endpoints. The code only implements HTTP calls to those endpoints and does not request unrelated credentials or binaries.

ℹ 指令范围

SKILL.md and scripts instruct the agent to POST JSON bodies (or read a local file via --body-file) to the URLs contained in AIZNT_PROXY_URLS. This is expected for a proxy-based image client, but it means whatever URLs are in AIZNT_PROXY_URLS will receive prompts and files — verify those endpoints are trusted. The script reads arbitrary local file paths only when the user passes --body-file (user-controlled).

✓ 安装机制

No install spec or external downloads; the skill is instruction+bundled JS files only. Nothing is fetched or executed from third-party URLs at install time.

✓ 凭证需求

Only two environment inputs are required: primaryEnv TS_TOKEN (auth token) and AIZNT_PROXY_URLS (JSON mapping of API endpoints). Both are directly used by the client and are proportionate to an API proxy client.

ℹ 持久化与权限

always:false (normal). The skill can be invoked autonomously (default), and because it uses a network token and sends data to configurable endpoints, autonomous invocation increases potential impact; consider limiting autonomous use if you cannot fully trust the token or endpoint config.

⚠ scripts/client.js:3

Environment variable access combined with network send.

⚠ scripts/images.js:51

File read combined with network send (possible exfiltration).

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.02026/3/21

NULL

● 无害

安装命令

点击复制

官方npx clawhub@latest install aiznt-images

镜像加速npx clawhub@latest install aiznt-images --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库