Ms Qwen Vl
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears to do what it says—analyze user-selected images with ModelScope Qwen-VL—but it sends image content to a third-party API and requires a ModelScope API key.
Before installing, make sure you are comfortable sending selected images to ModelScope. Use a protected environment variable or .env file for the API key, avoid command-line key exposure, and install the Python dependencies in a controlled environment such as a virtualenv.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Images, screenshots, invoices, or image URLs you ask it to analyze may be transmitted to ModelScope for processing.
The skill explicitly prepares local image files for submission to the external ModelScope API, which is expected for this vision-analysis integration but means image contents leave the local machine.
脚本会自动将本地文件转换为 ModelScope API 需要的 base64 格式。
Use this only with images you are comfortable sending to ModelScope, and review that service's privacy, retention, and cost terms for your account.
Anyone who obtains the API key may be able to use the user's ModelScope account or quota according to that key's permissions.
The skill requires a ModelScope API key. This is purpose-aligned for calling the ModelScope service, but users should treat the key as a credential.
`MODELSCOPE_API_KEY` | API 密钥(必需)
Prefer storing the key in a local environment variable or protected .env file, avoid pasting it into prompts or shell history, and rotate it if exposed. The registry metadata should also declare this credential requirement.
Dependency updates could change behavior or introduce upstream issues even if the skill's own code remains unchanged.
The documented Python dependencies are standard for this purpose, but they are not pinned to exact versions, so future installs may resolve to newer package versions.
openai>=1.0.0 Pillow>=9.0.0 python-dotenv>=1.0.0
Install in a virtual environment and consider pinning or reviewing exact package versions if you need reproducible or high-assurance use.