Aliyun Zimage Turbo
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill's code and instructions match its stated purpose (calling Alibaba DashScope z-image-turbo to generate images); minor metadata and scope notes are present, but nothing indicates intentional misdirection or exfiltration.
This skill appears to do what it says: call Alibaba's DashScope z-image-turbo API and save images. Before installing or using it: (1) ensure you are comfortable providing a DASHSCOPE_API_KEY (set it in the environment rather than leaving it only in repository .env files); (2) inspect ~/.alibabacloud/credentials and any repository .env files the script might load so you don't unintentionally expose other secrets; (3) be cautious if you or the agent override base_url, and verify it points to the official DashScope endpoints; (4) note the registry metadata omission (it doesn't declare DASHSCOPE_API_KEY) and consider asking the publisher to correct the metadata. If you plan to run the included script, review it (it uses urllib to POST and to download the returned image) and run it in a controlled environment.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
No visible risk-analysis findings were reported for this release.
