ClawHub

Qwen Skill

v1.0.0

Generate and edit images with Qwen Image via DashScope API. This is a skill, not a callable tool. First use the read tool to open this SKILL.md, then run the...

0· 110·0 current·0 all-time
by@huiya-code
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the behavior: the skill runs a Python CLI that calls DashScope Qwen Image endpoints and needs a DASHSCOPE_API_KEY and python3. Required binaries and the primary environment variable are appropriate and proportional to the stated purpose.
Instruction Scope
SKILL.md enforces running the included Python script and parsing MEDIA_REF output. The script will: load .env files (cwd and baseDir), read any local input image files you pass, POST to DashScope endpoints, download returned image URLs, and write published files and HTML viewers to an outbound directory. This behavior is expected for an image-generation skill, but .env auto-loading and saving files to ~/.openclaw/media/outbound are things to be aware of.
Install Mechanism
No automated installer is included; the skill is instruction-only and provides a pip3 install -r requirements.txt step. This is low-risk compared to arbitrary remote downloads. Requirements (requests, Pillow) are reasonable for the task.
Credentials
The only required credential is DASHSCOPE_API_KEY (declared as primary). The script also respects optional envs (DASHSCOPE_REGION, OPENCLAW_MEDIA_OUTBOUND_DIR, OPENCLAW_MEDIA_BASE_URL) and will load any variables from .env files if present — this can surface other project secrets if they exist in .env. That behavior is explainable but worth attention.
Persistence & Privilege
The skill does not request always:true, does not alter other skills, and its filesystem writes are limited to user-specified or default outbound directories. Autonomous invocation is enabled (the platform default) but not unusual here.
Assessment
This skill appears to do what it says: it runs the included Python CLI that calls DashScope (Qwen Image) and requires a DASHSCOPE_API_KEY. Before installing: 1) only provide a DashScope API key intended for image generation (avoid reusing highly privileged keys); 2) check any .env files in your current/project directories — the script auto-loads .env and may pull in other variables you did not intend to expose; 3) note that generated images are written to an outbound directory (default ~/.openclaw/media/outbound) and can be published to a public base URL if OPENCLAW_MEDIA_BASE_URL is set; 4) review the included scripts if you want to confirm behavior (network calls go to dashscope[.intl].aliyuncs.com); and 5) run the skill in an isolated environment or with restricted credentials if you are concerned about accidental exposure of other secrets.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fe6772nbj09s4vaws5mn8mn838zck

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🖼️ Clawdis
Binspython3
EnvDASHSCOPE_API_KEY
Primary envDASHSCOPE_API_KEY

Comments