multimodal-gen
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
subprocess.runingenerate.pyto orchestrate the workflow by calling specialized scripts for prompt optimization, image generation, and video generation. - [COMMAND_EXECUTION]: Employs the
passutility viasubprocess.runto securely retrieve API keys from the local system's password manager. - [EXTERNAL_DOWNLOADS]: Automatically downloads generated media files (images and videos) from external URLs provided by the backend API and saves them to the user's home directory (
~/clawd/output/). - [DATA_EXFILTRATION]: Transmits user-provided prompts and descriptions to a third-party API endpoint (
xingjiabiapi.com) to facilitate content generation and optimization. - [PROMPT_INJECTION]: While the skill processes user prompts for generation,
prompt_optimizer.pyincludes system instructions designed to steer the output toward safe content and avoid sensitive topics, acting as a basic safety guardrail.
Audit Metadata