ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

qwencloud-image-generation

v0.1.0

[QwenCloud] Generate and edit images using Wan and Qwen Image models. Supports text-to-image, image editing (style transfer, subject consistency, text render...

0· 195·0 current·0 all-time
by@cuixiaoyang123
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill is an image-generation helper and its bundled scripts (image.py, qwencloud_lib.py, image_lib.py) legitimately require a provider API key (DASHSCOPE_API_KEY / QWEN_API_KEY) and handle local image uploads. However the registry metadata lists no required environment variables or primary credential, which is inconsistent with the SKILL.md and the code that explicitly expects an API key. This metadata mismatch reduces transparency and is a meaningful red flag.
Instruction Scope
SKILL.md and the scripts are focused on image generation and editing (text→image, i2i, interleaved output) and include curl examples and guidance for .env usage — behavior aligns with stated purpose. The code loads .env files, may read environment variables (DASHSCOPE_API_KEY, QWEN_BASE_URL, QWEN_REGION), auto-uploads local image files to provider-managed storage, and includes an update-check routine that can spawn a local script if present. The file-upload and .env loading are expected for this skill, but the update-check subprocess execution expands runtime scope (can run a local script in the repo) and should be reviewed.
Install Mechanism
There is no external install spec; the skill is delivered as bundled Python scripts (stdlib-only) and documentation. No network downloads or package installs are automatically performed by the skill itself. That lowers supply-chain risk compared with arbitrary remote installs.
!
Credentials
The runtime requires a Qwen/DashScope API key and optionally QWEN_BASE_URL/QWEN_REGION for custom endpoints; these are appropriate for an image-generation integration. However the skill metadata does not declare required env vars, causing a transparency gap. The scripts also auto-load .env files (injecting values into os.environ) and can upload local files to provider storage — both reasonable for the purpose but they mean the skill will access local files and secrets if present in project .env files. The skill also writes a small state file under a detected repo's .agents directory for update-check preferences.
!
Persistence & Privilege
The skill does not request always:true and is user-invocable (normal). It does, however, create/modify files under the repository (writes .agents/state.json via the update-check helper) and may invoke a local update-check script (subprocess.run) if present in installed skills. That causes it to execute other local skill code during initialization, increasing runtime privilege and attack surface; users should be comfortable with scripts in their repository being executed by this skill.
What to consider before installing
Key points to consider before installing: - Metadata mismatch: The registry metadata claims no required environment variables, but SKILL.md and the included Python scripts require a DASHSCOPE_API_KEY (or QWEN_API_KEY). Treat this as a transparency issue — expect to provide an API key in a .env (or env var) for the skill to work. - API key handling: The skill instructs you to keep API keys out of plaintext output and to use .env; follow that. Prefer storing the API key in a .env file or secure secret store, and do not paste the key into chat or share it publicly. - Local file access / uploads: The skill will auto-upload local image files you reference to the provider's temporary storage. This is expected for an image-editing tool, but avoid referencing sensitive images you don't want uploaded. - Update-check behavior: On startup the code may run an update-check routine that can execute a local script (if present in your repo/skills). That means the skill may run other local code during initialization. If you have untrusted code in your repo/skills, either remove it or inspect the called scripts before using this skill. - Recommended actions: (1) Inspect the included scripts (image.py, qwencloud_lib.py, gossamer.py) yourself or run them in an isolated environment. (2) Only place the API key in a secure .env (and confirm the code uses os.environ rather than printing keys). (3) If you do not want automatic local-script execution, search your repo for qwencloud-update-check or the relevant scripts and remove or sandbox them. (4) Prefer running the scripts manually the first time to observe behavior before allowing any agent to invoke them autonomously. Overall: the code appears to implement the advertised image-generation functionality, but the failure to declare required credentials in metadata and the update-check subprocess execution are actionable concerns — review the code and environment handling before proceeding.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bxmgwbgy3regp6rfgay9drh83w2nm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments