Wan Image and Video Generation and Editting
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When invoked, the skill can use the configured DashScope account, which may consume quota or incur service charges.
The script reads the DashScope API key from the environment and uses it as a bearer token for API requests.
api_key = os.environ.get("DASHSCOPE_API_KEY") ... "Authorization": f"Bearer {api_key}"Use a dedicated DashScope API key with the minimum needed permissions, keep it out of shared logs, and monitor account usage or billing.
Any local images or media references you provide may be transmitted to Alibaba’s DashScope service for processing.
Local image files supplied to the script are encoded and included in requests sent to the external DashScope API.
with open(abs_path, "rb") as f: b64 = base64.b64encode(f.read()).decode("utf-8") ... requests.post(url, headers=headers, json=payloadOnly provide files you are allowed to upload, avoid sensitive personal or confidential media, and review the provider’s data handling terms.