Aws Wechat Article Images

This skill appears to implement the promised image-generation workflow, but review and confirm before installing: - Inspect aws.env in the repository root. The script expects IMAGE_MODEL_API_KEY there; ensure aws.env does not contain other unrelated secrets (database credentials, cloud keys). If it does, move the image model key to a dedicated minimal-scope secret or declare the required var explicitly. - Verify .aws-article/config.yaml contents and the model provider/base_url to ensure the endpoint is trusted. The script will call whatever base_url and API key are configured. - Review scripts/image_create.py (it is included) to be sure you accept its network calls and any file writes (imgs/, article.html modifications when triggered). The script reads the whole dotenv file but only uses IMAGE_MODEL_API_KEY — nevertheless, reading the file is broad. - Note skill.json requests filesystem, network, and shell permissions. Only allow this skill in agents you trust and where running the specified python commands is acceptable. - To reduce risk: declare IMAGE_MODEL_API_KEY as a required env var in the registry or store only that key in aws.env; restrict the API key to least privilege and an appropriate billing/account; test the script using a non-production key. What would change this assessment to benign: registry metadata that documents the required IMAGE_MODEL_API_KEY and shows a trusted homepage/owner, and assurance that aws.env contains only the image API key (or the code was changed to read only the single required var rather than the entire dotenv). Conversely, if additional hidden network endpoints or code that exfiltrates other secrets were found, risk would be higher.