Seedream
PassAudited by ClawScan on May 1, 2026.
Overview
This skill coherently wraps the Volcengine Seedream image-generation API, with expected notes around API-key use, external provider calls, and a lightly under-declared runtime dependency.
This appears safe for its stated purpose. Before installing, make sure you are comfortable providing a Volcengine API key, sending prompts or reference images to Volcengine, and allowing `uv` to resolve the Python `requests` dependency.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can use the user's Volcengine account and may consume paid quota when generating images.
The script uses a user-provided Volcengine API key as a bearer token to call the image-generation service.
"Authorization": f"Bearer {api_key}"Use a dedicated, least-privileged API key if available, monitor usage costs, and prefer environment-variable handling over pasting secrets into shared command logs.
Prompts and reference images provided to the skill are shared with the external image-generation provider.
The script sends the prompt and optional reference image data to Volcengine's external API endpoint.
url = "https://ark.cn-beijing.volces.com/api/v3/images/generations" ... payload = {"model": model, "prompt": prompt, "size": size} ... payload["image"] = image_inputAvoid sending sensitive prompts or private images unless you are comfortable with the provider's data handling terms.
Running the skill may fetch or resolve a Python package even though the registry metadata lists no required binaries or install spec.
The script declares a runtime Python dependency that will typically be resolved when invoked through `uv run`; this is purpose-aligned but not captured in the registry requirements.
# dependencies = [ # "requests>=2.31.0", # ]
Install from trusted package sources and consider pinning or reviewing dependencies in controlled environments.