Alicloud Ai Image Qwen Image
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: alicloud-ai-image-qwen-image Version: 1.0.3 The skill contains a Python script (scripts/generate_image.py) with a significant security vulnerability: the 'resolve_reference_image' function reads arbitrary local files from the filesystem if a path is provided in the request, without validating that the file is an image. This could be exploited via prompt injection to exfiltrate sensitive local data by passing it as a 'reference_image' to the Alibaba Cloud API. Additionally, the script manually parses sensitive credentials from '~/.alibabacloud/credentials' and uses 'urllib.request.urlopen' to download files without scheme validation, which are risky patterns in an agent-executed environment.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may use your Alibaba Cloud DashScope API key, which can consume account quota or incur costs.
The helper can read a local Alibaba Cloud credentials profile to obtain a DashScope API key. This is expected for a DashScope image-generation provider, but it is sensitive account access and is not declared in the registry metadata.
credentials_path = Path(os.path.expanduser("~/.alibabacloud/credentials")) ... key = config.get(profile, "dashscope_api_key", fallback="").strip() ... os.environ["DASHSCOPE_API_KEY"] = keyUse a scoped DashScope key, verify the selected Alibaba Cloud profile, and avoid placing unrelated high-privilege credentials where this helper may read them.
Prompts and reference images may leave the local machine and be processed by the external provider.
The script can read a user-specified local reference image and include it in the DashScope API request. Sending prompts and reference images to the image-generation provider is core to the skill, but users should treat those inputs as data shared with Alibaba Cloud.
if path.exists():
return path.read_bytes()
...
response = ImageGeneration.call(
model=MODEL_NAME,
messages=messages,Do not submit private, regulated, or confidential images or prompts unless your Alibaba Cloud/DashScope data handling terms allow it.
Different or future SDK versions could change API behavior or dependency contents.
The setup instructions install the DashScope SDK without a pinned version. This is normal for an SDK-based integration, but it leaves behavior dependent on the package version resolved at install time.
python -m pip install dashscope
Install in a virtual environment and consider pinning a reviewed dashscope version for reproducible use.
Local output files may retain prompts, image URLs, or metadata after a run.
The skill intentionally persists prompts, generated image URLs, metadata, and sample responses as local evidence. This is disclosed and useful for debugging, but those saved prompts or URLs may contain sensitive project context.
Write generated image URLs, prompts, and metadata to `output/alicloud-ai-image-qwen-image/`. - Keep at least one sample JSON response per run.
Review and clean the output directory when prompts, reference images, or generated URLs are sensitive.