Alicloud Ai Image Qwen Image Edit
v1.0.1
Edit images with Alibaba Cloud Model Studio Qwen Image Edit models (qwen-image-edit, qwen-image-edit-plus, qwen-image-edit-max and snapshots). Use when modif...
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description (Qwen Image Edit on Alibaba Cloud) match the included instructions and the helper script: they prepare a normalized image.edit request and validate responses. However, the metadata declares no required env vars or credentials while the SKILL.md explicitly requires DASHSCOPE_API_KEY or an Alibaba Cloud creds entry, which is inconsistent.
Instruction Scope
SKILL.md instructions stay within the skill's stated purpose: preparing requests, validating responses, running a small py_compile validation, guiding prompt/mask usage, and asking to perform a minimal read-only connectivity check. The helper script only reads/writes JSON request/response files and does not attempt to access unrelated system paths or exfiltrate data by itself.
Install Mechanism
There is no install spec; the SKILL.md recommends creating a Python venv and pip installing the 'dashscope' package. This is a typical approach for an SDK-based integration. The only risk is the external pip package — verify the package's provenance (dashscope) before installing.
Credentials
The runtime docs require DASHSCOPE_API_KEY or adding dashscope_api_key to ~/.alibabacloud/credentials (cloud credentials). The skill metadata, however, lists no required env vars or primary credential. That mismatch is concerning: the skill will need cloud credentials to operate, but the registry metadata does not declare them, which could lead to unexpected credential requests at runtime.
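The mismatch described above can be checked mechanically before installing. The following is an added example, not part of the skill or of the scanner: `undeclared_credentials` and both regular expressions are hypothetical heuristics, and the registry's declared env vars are assumed to be available as a plain list of names.

```python
import re

# Heuristic: upper-case names that end in a secret-like suffix.
SECRET_ENV_RE = re.compile(
    r"\b[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)*_(?:KEY|TOKEN|SECRET|PASSWORD)\b"
)
# Heuristic: home-directory dotfile paths that end in "credentials".
CRED_FILE_RE = re.compile(r"~/\.[\w.-]+(?:/[\w.-]+)*/credentials\b")


def undeclared_credentials(skill_md, declared_env):
    """Compare credentials referenced in SKILL.md text with the declared list."""
    referenced = set(SECRET_ENV_RE.findall(skill_md))
    return {
        # Secret-like env vars the instructions use but the metadata omits.
        "undeclared_env": sorted(referenced - set(declared_env)),
        # Credential files the instructions tell the user to edit.
        "credential_files": sorted(set(CRED_FILE_RE.findall(skill_md))),
    }


# Constructed excerpt based on the prerequisites quoted on this page.
SAMPLE_SKILL_MD = """\
- Set DASHSCOPE_API_KEY in your environment, or add dashscope_api_key
  to ~/.alibabacloud/credentials.
- Override base dir with OUTPUT_DIR.
"""

if __name__ == "__main__":
    # The metadata on this page declares no required env vars: empty list.
    print(undeclared_credentials(SAMPLE_SKILL_MD, declared_env=[]))
```

A non-empty `undeclared_env` is the condition the scan flags; `OUTPUT_DIR` is ignored because it is not secret-like.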
Persistence & Privilege
The skill is not always-enabled and does not request persistent privileges. It writes output under an output/ directory and suggests using object storage for assets. There is no evidence it modifies other skills or system-wide config.
What to consider before installing
This skill looks like a legitimate wrapper for Alibaba Cloud Qwen image-edit models, but before installing: (1) note that SKILL.md requires a DASHSCOPE_API_KEY or credentials in ~/.alibabacloud/credentials even though the registry metadata omitted any required env — ask the publisher to correct the metadata or document why creds are optional; (2) inspect the 'dashscope' pip package provenance (PyPI name, source repo) before installing and prefer creating a disposable venv; (3) provide least-privilege cloud credentials (a key scoped only to the necessary Model Studio operations) and avoid using broad account keys; (4) confirm where outputs are stored (default output/ path and any object storage) and whether those artifacts may contain sensitive data; and (5) if you need higher assurance, request the publisher to declare the required environment variables in the registry metadata and to provide a checksum/source for the dashscope package. Overall the skill is coherent with its purpose but the missing credential declaration is a notable inconsistency.
Like a lobster shell, security has layers — review code before you run it.
latest
Category: provider
Model Studio Qwen Image Edit
Validation
mkdir -p output/alicloud-ai-image-qwen-image-edit
python -m py_compile skills/ai/image/alicloud-ai-image-qwen-image-edit/scripts/prepare_edit_request.py && echo "py_compile_ok" > output/alicloud-ai-image-qwen-image-edit/validate.txt
Pass criteria: command exits 0 and output/alicloud-ai-image-qwen-image-edit/validate.txt is generated.
Output And Evidence
- Save edit request payloads, result URLs, and model parameters under output/alicloud-ai-image-qwen-image-edit/.
- Keep one sample request/response pair for reproducibility.
Use Qwen Image Edit models for instruction-based image editing instead of text-to-image generation.
Critical model names
Use one of these exact model strings:
- qwen-image-edit
- qwen-image-edit-plus
- qwen-image-edit-max
- qwen-image-2.0
- qwen-image-2.0-pro
- qwen-image-edit-plus-2025-12-15
- qwen-image-edit-max-2026-01-16
Prerequisites
- Install SDK in a virtual environment:
python3 -m venv .venv
. .venv/bin/activate
python -m pip install dashscope
- Set DASHSCOPE_API_KEY in your environment, or add dashscope_api_key to ~/.alibabacloud/credentials.
Normalized interface (image.edit)
Request
- prompt (string, required)
- image (string | bytes, required) source image URL/path/bytes
- mask (string | bytes, optional) inpaint region mask
- size (string, optional) e.g. 1024*1024
- seed (int, optional)
Response
- image_url (string)
- seed (int)
- request_id (string)
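A strict validator for the normalized interface and the exact model strings listed above, as an added example (it is not the skill's prepare_edit_request.py). The function names are hypothetical, and three checks are assumptions not stated on this page: the WIDTH*HEIGHT size pattern, treating all three response fields as required, and accepting only https result URLs.

```python
import re
from urllib.parse import urlparse

# Exact model strings listed on this page.
ALLOWED_MODELS = frozenset({
    "qwen-image-edit", "qwen-image-edit-plus", "qwen-image-edit-max",
    "qwen-image-2.0", "qwen-image-2.0-pro",
    "qwen-image-edit-plus-2025-12-15", "qwen-image-edit-max-2026-01-16",
})
SIZE_RE = re.compile(r"[1-9]\d{1,4}\*[1-9]\d{1,4}")  # assumed WIDTH*HEIGHT form


def _is_int(value):
    # bool is a subclass of int in Python; reject it explicitly.
    return isinstance(value, int) and not isinstance(value, bool)


def validate_request(model, req):
    """Return a list of problems; an empty list means the request passes."""
    errors = []
    if model not in ALLOWED_MODELS:
        errors.append(f"model: {model!r} is not an exact model string")
    prompt, image = req.get("prompt"), req.get("image")
    if not (isinstance(prompt, str) and prompt.strip()):
        errors.append("prompt: required non-empty string")
    if not (isinstance(image, (str, bytes)) and image):
        errors.append("image: required string or bytes")
    if not isinstance(req.get("mask"), (str, bytes, type(None))):
        errors.append("mask: must be string or bytes")
    size = req.get("size")
    if size is not None and not (isinstance(size, str) and SIZE_RE.fullmatch(size)):
        errors.append("size: expected WIDTH*HEIGHT, e.g. 1024*1024")
    if req.get("seed") is not None and not _is_int(req["seed"]):
        errors.append("seed: must be an int")
    return errors


def validate_response(resp):
    """Check the three response fields; https-only is an added assumption."""
    errors = []
    url = resp.get("image_url")
    parsed = urlparse(url) if isinstance(url, str) else None
    if parsed is None or parsed.scheme != "https" or not parsed.netloc:
        errors.append("image_url: expected an https URL string")
    if not _is_int(resp.get("seed")):
        errors.append("seed: must be an int")
    if not (isinstance(resp.get("request_id"), str) and resp["request_id"]):
        errors.append("request_id: required non-empty string")
    return errors
```

Rejecting a near-miss model name locally avoids sending a request, and the API key with it, for a call that cannot succeed.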
Operational guidance
- Keep prompts task-oriented: describe what to change and what to preserve.
- Use masks for deterministic local edits.
- Save output assets to object storage and persist only URLs.
- For subject consistency, provide explicit constraints in prompt.
Local helper script
Prepare a normalized request JSON and validate response schema:
.venv/bin/python skills/ai/image/alicloud-ai-image-qwen-image-edit/scripts/prepare_edit_request.py \
--prompt "Replace the sky with sunset, keep buildings unchanged" \
--image "https://example.com/input.png"
Output location
- Default output: output/alicloud-ai-image-qwen-image-edit/images/
- Override base dir with OUTPUT_DIR.
Workflow
- Confirm user intent, region, identifiers, and whether the operation is read-only or mutating.
- Run one minimal read-only query first to verify connectivity and permissions.
- Execute the target operation with explicit parameters and bounded scope.
- Verify results and save output/evidence files.
References
references/sources.md
