ClawHub

Qwen Image

v1.0.2

调用阿里云百炼(DashScope/Model Studio)平台上的千问及万相2.6模型,完成图像生成与编辑任务。 当用户涉及以下任何场景时,必须使用此 skill: - 调用千问或万相2.6模型生成、编辑图片 - 百炼平台图像相关 API - 使用 dashscope SDK 访问 qwen-image /...

0· 190·0 current·0 all-time
by@awsl1110
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe calling Aliyun DashScope (qwen-image / wan2.6) and the package requires DASHSCOPE_API_KEY and a runner (uv/pip) — these are appropriate and expected for the declared functionality.
Instruction Scope
SKILL.md instructs checking DASHSCOPE_API_KEY and region, installing dependencies, and running the bundled script. The script only calls DashScope endpoints, streams/saves returned images and text, and may download user-provided image URLs; it does not read unrelated system files or exfiltrate data to unexpected endpoints.
Install Mechanism
Install uses the 'uv' runner (PyPI) to create an isolated venv and install dashscope/requests. This is a reasonable approach, but SKILL.md suggests 'pip install uv --break-system-packages' which can affect system Python packages — a minor operational risk. No arbitrary external download URLs or obscure hosts are used in the install metadata.
Credentials
Only DASHSCOPE_API_KEY is required and declared as the primary credential; that matches the need to authenticate to DashScope. No unrelated secrets or extra environment variables are requested.
Persistence & Privilege
always:false, no config paths requested, and the skill does not modify other skills or system settings. It runs on-demand; autonomous invocation is allowed by platform default but is not combined with other concerning privileges.
Assessment
This skill appears coherent with its purpose, but take these precautions before installing: (1) Only provide a DashScope API key (DASHSCOPE_API_KEY) with the minimal privileges you need and obtain it from the official console; (2) Prefer installing and running 'uv' and the skill inside an isolated virtual environment rather than using 'pip install --break-system-packages'; (3) Review the 'uv' package on PyPI (or install it from a trusted source) before installing; (4) Be aware the script will download images returned by the API and any user-supplied image URLs and will write files to the chosen output directory — avoid running with a key you don't trust or on sensitive hosts; (5) Verify the region you select matches where your API key is valid to avoid credential errors; rotate the API key if it may have been exposed.

Like a lobster shell, security has layers — review code before you run it.

latestvk972rwvfj4wb1z3rwte2q0a94x83j2mv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎨 Clawdis
Any binuv, pip
EnvDASHSCOPE_API_KEY
Primary envDASHSCOPE_API_KEY

Install

uv
Bins: uv
uv tool install uv

Comments