Aliyun Pixverse Generation

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is a coherent Alibaba PixVerse video-generation helper, with expected provider API and credential use but no evidence of hidden or malicious behavior.

This appears safe to use for Alibaba PixVerse generation if you are comfortable sending prompts and media URLs to Alibaba Cloud and using a DashScope API key. Install dependencies in a virtual environment and avoid placing sensitive content in prompts or media references.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Your prompts, generation parameters, and referenced media URLs may be sent to Alibaba Cloud to create videos.

Why it was flagged

The skill instructs use of an external Alibaba Cloud API for video generation. This matches the stated purpose and is clearly disclosed.

Skill content

Submit task: `POST https://dashscope.aliyuncs.com/api/v1/services/aigc/video-generation/video-synthesis`

Recommendation

Use only prompts and media that you are comfortable sending to Alibaba Cloud, and review provider terms, costs, and data-handling policies.

What this means

Using this skill may consume Alibaba Cloud quota or incur charges under the configured account.

Why it was flagged

The skill requires provider credentials to access Alibaba Cloud Model Studio. This is expected for the integration, but it gives the workflow access to a billable cloud account.

Skill content

Set `DASHSCOPE_API_KEY` in your environment, or add `dashscope_api_key` to `~/.alibabacloud/credentials`.

Recommendation

Use a scoped API key when possible, keep it out of shared logs, and confirm charges/quotas before running generation jobs.

What this means

Installing the dependency will run code from the Python package ecosystem in your environment.

Why it was flagged

The skill recommends installing an external Python package without a pinned version. This is purpose-aligned, but users should be aware of dependency provenance and version drift.

Skill content

`python -m pip install dashscope`

Recommendation

Install in a virtual environment as shown, prefer a trusted package source, and pin or review the dashscope package version for reproducible use.