Generate high-quality images via Stability AI API (SDXL, SD3, Stable Image Core). Use when user asks to "generate image", "make a picture", or "draw this".
Security Analysis
medium confidenceThe skill's code and runtime instructions mostly match its declared purpose (calling Stability AI), but there are several inconsistencies (undeclared required env var, mismatched script path, and vague 'auto-dependencies' behavior) that deserve clarification before installing.
The skill purpose (call Stability AI to generate images) aligns with the included Python script which posts to stability.ai endpoints. However the registry metadata claims no required environment variables or primary credential while the SKILL.md and generate.py clearly require STABILITY_API_KEY (and optionally API_HOST). That metadata mismatch is a meaningful coherence issue.
SKILL.md instructs creating a .env with STABILITY_API_KEY and running scripts/generate. The runtime instructions stay within image-generation scope and the script only uses STABILITY_API_KEY and optional API_HOST. Note: the SKILL.md suggests dependencies are 'automatically handled on first run' despite no install spec; also it tells users to store secrets in .env (a common but plaintext approach).
There is no install spec (lowest install surface). A requirements.txt lists requests, python-dotenv, pillow which is reasonable. The SKILL.md's claim that dependencies will be auto-handled is vague — no installer script or manifest entry is provided, so behavior on first run is unclear.
Only STABILITY_API_KEY (and optional API_HOST) appear in code — appropriate for a Stability AI client. The concern is that the registry metadata does not declare these required env vars or a primary credential, which is an inconsistency that could mislead users about what secrets are needed or stored.
The skill does not request persistent platform privileges or 'always' inclusion. It writes generated images and metadata to disk and performs an auto-cleanup of older files (keeps last 20). Also SKILL.md's example CLI uses scripts/generate but the repository only contains scripts/core/generate.py — there is a path/usage mismatch to clarify. No evidence of modifying other skills or system-wide config.
Guidance
What to check before installing: 1) The SKILL.md and generate.py require STABILITY_API_KEY (and optionally API_HOST) but the registry metadata doesn't declare any required env vars — ask the publisher to correct that. 2) Verify where you'll store the API key (.env is plaintext) and consider using a limited-scope key or dedicated account. 3) Confirm how dependencies are installed — SKILL.md promises auto-install but no install script is provided; prefer explicit install steps or run in an isolated virtualenv/container. 4) Note the SKILL.md calls scripts/generate but only scripts/core/generate.py exists — ask whether a wrapper is missing. 5) Review the code yourself (or in a sandbox) to confirm there are no unexpected network endpoints or secret exfiltration — the script appears to call only the configured API_HOST and no other external hosts. 6) If uncertain about the publisher (source/homepage unknown), run this skill in an isolated environment and avoid using high-value API keys until you verify behavior.
Latest Release
v1.0.0
Stability AI Skill 1.0.0 – Initial Release - Generate high-quality images using Stability AI models (SDXL, SD3, Stable Image Core) via command line. - Supports prompt-based image creation with options for style presets, aspect ratio, output format (png, jpg, webp), reproducibility seed, negative prompts, and advanced model parameters. - Includes metadata JSON for each image with prompt, settings, and generation details. - Integrates auto-cleanup to keep only the most recent 20 generated images and metadata. - Simple setup via .env configuration; handles dependencies automatically on first run.
More by @1999AZZAR
Published by @1999AZZAR on ClawHub
