article-images-gen

Pass

Audited by ClawScan on May 10, 2026.

Overview

This skill is a coherent article-illustration generator that uses DashScope as disclosed, but users should notice that it uses an API key, sends generated prompts to an external provider, and edits the selected article file.

Install only if you are comfortable providing a DashScope API key and sending article-derived prompts to DashScope. Before running, confirm your DASHSCOPE_BASE_URL is trusted, keep backups, and review the modified Markdown file before publishing.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Your DashScope API key is used to make image-generation requests and could be sent to a non-default endpoint if your environment overrides the base URL.

Why it was flagged

The skill uses an environment API key to authenticate to the image provider. This is purpose-aligned, but users should verify the endpoint, especially because DASHSCOPE_BASE_URL can override the default.

Skill content

const base = process.env.DASHSCOPE_BASE_URL || "https://dashscope.aliyuncs.com"; ... Authorization: `Bearer ${apiKey}`

Recommendation

Set DASHSCOPE_API_KEY only for the intended provider account, and verify DASHSCOPE_BASE_URL is unset or points to a trusted DashScope-compatible endpoint.

What this means

Article headings or extracted prompt details may be sent to DashScope for image generation.

Why it was flagged

Generated prompt text is sent to the external DashScope API. This is disclosed and necessary for the skill, but article-derived prompt content leaves the local machine.

Skill content

content: [{ text: stylePrompt }], ... const res = await fetch(url, { method: "POST", ... body: JSON.stringify(body) })

Recommendation

Avoid using this skill on confidential articles unless sending prompt-derived content to DashScope is acceptable.

What this means

The Markdown article you pass to the script will be changed, with a backup saved alongside it.

Why it was flagged

The skill rewrites the selected article to insert image references, but first creates a backup. This file mutation is disclosed and scoped to the user-provided article path.

Skill content

const backupPath = `${articlePath}.bak-${Date.now()}`; await copyFile(articlePath, backupPath); ... await writeFile(articlePath, newLines.join("\n"));

Recommendation

Review the generated backup and diff before committing or publishing the modified article.