AI绘画提示词优化器 v1.1 | 新增:图片反推提示词、提示词收藏库、参数调优、对比测试。支持Midjourney/SD/DALL-E优化、风格转换、批量生成。
Security Analysis
medium confidenceThe skill's description matches its stated features, but the instructions claim persistent and networked behaviors (image upload/analysis, saving/sharing favorites, paid tiers) without specifying any storage, endpoints, or credentials — this mismatch is concerning and needs clarification before use.
Name and description align with the SKILL.md content: it aims to optimize image-generation prompts, support reverse-prompting from images, parameter tuning, A/B comparison, style mixing, and a favorites library. However, several claimed capabilities (image analysis, effect scoring, batch generation, paid tiers/API) typically require external services, storage, or runtime components that are not declared here.
SKILL.md instructs the agent to accept uploaded images, '自动分析' them, save and share a '收藏库', and perform A/B comparisons and scoring—but gives no instructions on where images or saved prompts are stored, what endpoints (if any) are used for image analysis or scoring, or how sharing is implemented. It also does not constrain where data may be transmitted, which is a privacy and coherence concern.
No install spec or code files are present; this is instruction-only, so nothing will be written to disk or installed by the registry. That reduces immediate execution risk, but it also means implementation details (storage, network calls) are unspecified.
The skill requests no environment variables or credentials, yet describes paid plans, an 'API' in the Enterprise plan, and features that normally need backend services (image processing, storage, sharing). The absence of declared endpoints/credentials is inconsistent with the claimed functionality and leaves unanswered where sensitive data and payments would be handled.
The skill claims persistent features (favorites library, saved mix schemes, sharing), but there is no declaration of config paths, storage buckets, or other persistence mechanisms. The skill does not request always:true or other elevated privileges, which is good, but the missing persistence design is a gap that should be resolved.
Guidance
Before installing or using this skill, ask the publisher for concrete implementation details: where and how uploaded images are analyzed (local vs external API, and which host), where favorites and saved prompt libraries are stored and how sharing works, how effect-scoring is calculated, and which payment provider and API endpoints back the paid tiers. Do not upload sensitive images or secrets until you understand the storage and transmission policy. If the skill later adds an install script or declares environment variables/endpoints, review those carefully (look for external URLs, IPs, or shorteners) and prefer skills that publish a privacy policy, a backend domain, or source code you can audit. Because the registry package is instruction-only and lacks these details, treat it as untrusted for any sensitive data until the author supplies clear storage, network, and billing details.
Latest Release
v1.1.0
v1.1.0 introduces major new features for AI绘画提示词优化器: - 图片反推提示词:上传图片自动分析并生成相关提示词 - 提示词收藏库:保存、分类、搜索与分享优秀提示词 - 参数精细调优:分辨率、采样器、步数、CFG等参数细致可调 - 提示词对比测试:并排对比生成效果并自动评分 - 风格混合:多种AI绘画风格实时权重混合与推荐 - 整体优化Midjourney、SD、DALL-E等平台提示词适配
More by @huyong2023
Published by @huyong2023 on ClawHub
