Seedream 5.0 Lite image generation
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using this skill needs a PoYo API key, and submitted jobs may use the account tied to that key.
The helper sends a bearer API key to the PoYo API endpoint. This is expected for the stated service, but it grants account/API authority for submitting generation jobs.
curl -sS https://api.poyo.ai/api/generate/submit -H "Authorization: Bearer $api_key"
Use a revocable PoYo API key, keep it in the POYO_API_KEY environment variable when possible, and avoid pasting keys into shared logs or shell history.
A submitted payload can create PoYo generation tasks and may consume credits depending on parameters such as output count.
The skill exposes a shell/curl workflow that submits arbitrary JSON payloads to the provider. This is central to the skill's API-wrapper purpose, but the user should review payload contents before submission.
Use `scripts/submit_seedream_5_0_lite.sh` to submit a raw JSON payload from the shell.
Before submission, confirm the model, prompt, image URLs, callback URL, and image count are what you intended.
Prompts, referenced images, and callback destinations may be visible to the PoYo service or the webhook endpoint you configure.
The documented workflow can send prompts, reference image URLs, and optional webhook callback details to PoYo. This is disclosed and purpose-aligned, but it is still a third-party data flow.
`image_urls` ... Reference image URLs ... `callback_url` ... Webhook callback URL for result notifications
Do not submit sensitive images or private URLs unless you are comfortable sharing them with PoYo, and only use callback URLs you control.