article-images-gen

Pass

Audited by VirusTotal on May 10, 2026.

Overview

Type: OpenClaw Skill
Name: article-images-gen
Version: 1.0.2

The skill bundle is a legitimate tool designed to generate hand-drawn illustrations for articles using the AliCloud DashScope (Qwen-Image) API. The code in `scripts/illustrator.ts` and `scripts/article-analyzer.ts` performs article structure analysis, generates image prompts based on section headings, and updates the original Markdown file with image references after creating a backup. No evidence of data exfiltration, unauthorized execution, or malicious prompt injection was found; the file system and network operations are strictly aligned with the stated purpose of image generation and article modification.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Your DashScope API key is used to make image-generation requests and could be sent to a non-default endpoint if your environment overrides the base URL.

Why it was flagged

The skill uses an environment API key to authenticate to the image provider. This is purpose-aligned, but users should verify the endpoint, especially because DASHSCOPE_BASE_URL can override the default.

Skill content

const base = process.env.DASHSCOPE_BASE_URL || "https://dashscope.aliyuncs.com"; ... Authorization: `Bearer ${apiKey}`

Recommendation

Set DASHSCOPE_API_KEY only for the intended provider account, and verify DASHSCOPE_BASE_URL is unset or points to a trusted DashScope-compatible endpoint.

What this means

Article headings or extracted prompt details may be sent to DashScope for image generation.

Why it was flagged

Generated prompt text is sent to the external DashScope API. This is disclosed and necessary for the skill, but article-derived prompt content leaves the local machine.

Skill content

content: [{ text: stylePrompt }], ... const res = await fetch(url, { method: "POST", ... body: JSON.stringify(body) })

Recommendation

Avoid using this skill on confidential articles unless sending prompt-derived content to DashScope is acceptable.

What this means

The Markdown article you pass to the script will be changed, with a backup saved alongside it.

Why it was flagged

The skill rewrites the selected article to insert image references, but first creates a backup. This file mutation is disclosed and scoped to the user-provided article path.

Skill content

const backupPath = `${articlePath}.bak-${Date.now()}`; await copyFile(articlePath, backupPath); ... await writeFile(articlePath, newLines.join("\n"));

Recommendation

Review the generated backup and diff before committing or publishing the modified article.