ClawHub

Dashscope Image Gen

v1.0.0

Generate images via Alibaba DashScope OpenAI-compatible endpoint (compatible-mode) using qwen-image-max. Use when the user asks for 文生图/图片生成/image generation...

0· 108·1 current·1 all-time
by@dhdragon
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: the script posts to {baseUrl}/images/generations using model qwen-image-max. Minor mismatch: the skill metadata lists no required env vars, but both SKILL.md and the script expect an API key (DASHSCOPE_API_KEY or --api-key). This is proportionate to the stated purpose but should have been declared.
Instruction Scope
Runtime instructions and the script stay within the image-generation task: they build an images/generations payload, send it to the configured base URL, and write the returned image bytes to disk. The script will also attempt to read ~/.openclaw/openclaw.json as a fallback to find an API key — that is reasonable for convenience but is outside the minimal instructions and should be noted.
Install Mechanism
No install spec; this is an instruction-only skill with a small included CLI script. Nothing is downloaded or written to disk by an installer step.
Credentials
The script requires a DashScope API key to function (DASHSCOPE_API_KEY or --api-key, or an entry in ~/.openclaw/openclaw.json). Requesting a single service API key is proportionate. The skill did not declare this env var in the registry metadata — a metadata omission rather than excessive privilege. The fallback read of ~/.openclaw/openclaw.json reads the user config file to obtain the key.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system settings, and runs only when invoked. No elevated persistence or unexpected privileges observed.
Assessment
This skill appears to be coherent and implements a simple CLI that calls DashScope's compatible images API. Before installing or running: (1) be aware the script needs your DashScope API key (DASHSCOPE_API_KEY) but the registry metadata does not list it — provide the key via environment variable or config rather than the --api-key flag to avoid shell history leakage; (2) the script will read ~/.openclaw/openclaw.json as a fallback, so review that file for other secrets before reusing it; (3) confirm the base URL (https://dashscope.aliyuncs.com/compatible-mode/v1) is the expected endpoint for your account; (4) inspect the small included script yourself (it's short and readable) if you have doubts; and (5) avoid pasting high‑privilege credentials on the command line.

Like a lobster shell, security has layers — review code before you run it.

latestvk9763zfhbfjecc8s2dng3yq20583516s

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments