Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

qwencloud-video-generation

v0.1.0

[QwenCloud] Generate videos using Wan models. Supports text-to-video, image-to-video, first+last frame, reference-based role-play, and video editing (VACE)....

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill's name and description (qwencloud-video-generation) align with the included scripts: they submit async video-generation tasks to QwenCloud/DashScope (Wan models). However, the registry metadata claims no required environment variables or primary credential, while the SKILL.md and the code clearly require an API key (DASHSCOPE_API_KEY or QWEN_API_KEY) and honor QWEN_BASE_URL/QWEN_REGION. That metadata omission is an inconsistency and could mislead users about what credentials are needed.
Instruction Scope
SKILL.md and the scripts are prescriptive and mostly within the video-generation domain: building payloads, uploading local media to provider temp storage, submitting async tasks, polling, downloading results, and giving prompt guidance. The runtime libraries load .env files (load_dotenv), search the repo root, read/write repository state files (e.g., .agents/state.json, skills-lock.json), and can run a local update-check script. These repo filesystem reads/writes and the update-check subprocess call are outside the narrow 'generate one video' scope and should be noted, but are explained in the documentation.
Install Mechanism
There is no external install spec (no packages downloaded), and all Python files are stdlib-only. No external URLs, package installs, or archive extraction were observed in the provided files. The code invokes subprocess to run local Python scripts if present but does not fetch remote code by itself.
Credentials
The repository metadata declared 'Required env vars: none', yet the SKILL.md and code expect DASHSCOPE_API_KEY (and accept QWEN_API_KEY alias), plus optional QWEN_BASE_URL and QWEN_REGION. The code also loads .env files from cwd and repo root and will not overwrite existing env variables. Requesting no credentials in the registry but actually requiring a provider API key is a material inconsistency that could trick users into thinking no secrets are needed.
Persistence & Privilege
The skill does not request 'always: true' or other elevated runtime privileges. It does read and sometimes write repository-local files: load .env, read skills-lock.json, and write .agents/state.json via the update-check helper (gossamer.py). These actions are confined to the repository (not global system config), but they do create/modify files under the project's .agents directory and may emit update prompts that reference `npx` commands. Be aware it will persist a small state file if update-check flows run.
What to consider before installing
This skill appears to be a legitimate QwenCloud (DashScope/Wan) video-generation tool, but the published metadata is inconsistent with the implementation. Before installing or running it:
1) Expect to provide a QwenCloud API key (DASHSCOPE_API_KEY or QWEN_API_KEY). Do not paste keys into chat — put them in your environment or a local .env as instructed.
2) Review the scripts (video.py, qwencloud_lib.py, gossamer.py) yourself — they will read .env files, may upload local media to the provider's temp storage, and will read/write repository-local state (.agents/state.json, skills-lock.json).
3) Confirm you are comfortable with local file reads/writes and with the skill making outbound API requests to the provider endpoints (QWEN_BASE_URL or default DashScope URLs).
4) If the metadata in the registry is important to you, ask the publisher to correct the declared required env vars and credential fields before trusting automatic installation.
If you want extra assurance, run the scripts locally in an isolated environment and inspect network calls (or set QWEN_BASE_URL to a controlled test endpoint) before giving production credentials.



