Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Qwen Image

Generate images using Qwen Image API (Alibaba Cloud DashScope). Use when users request image generation with Chinese prompts or need high-quality AI-generated images from text descriptions.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
4 · 5.7k · 68 current installs · 71 all-time installs
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name, description, and included script all implement Qwen Image generation via DashScope (requests to dashscope.aliyuncs.com with a Bearer token). Requiring the 'uv' runner is consistent with the SKILL.md usage. However, the SKILL.md instructs the agent to read ~/.openclaw/openclaw.json for API keys but the skill metadata does not declare any required config paths or primary credential — this mismatch should be clarified.
Instruction Scope
Runtime instructions direct the agent to search for API keys in ~/.openclaw/openclaw.json (models.providers.bailian.apiKey or skills."qwen-image".apiKey) or the DASHSCOPE_API_KEY env var. Reading the user's OpenClaw config is relevant for obtaining a stored API key, but it is not declared in the manifest and could expose other stored keys if the agent reads the full file. Otherwise, the SKILL.md stays within the image-generation task (extract MEDIA_URL line, do not download unless asked).
Install Mechanism
The install uses a Homebrew formula 'uv' which matches the declared required binary and is a low-risk, standard install method. However, the Python script depends on the 'requests' package (commented in the file) but there is no install specification to install Python dependencies; that will cause runtime failures unless the environment already has the dependency. No high-risk external download URLs are used.
Credentials
The manifest lists no required environment variables or primary credential, yet both SKILL.md and the script expect an API key via DASHSCOPE_API_KEY or an entry in ~/.openclaw/openclaw.json. The skill could read user configuration to locate keys; this access should be declared explicitly. Also verify that the agent will only read the specific field (models.providers.bailian.apiKey or skills."qwen-image".apiKey) rather than scanning the entire config for other secrets.
Persistence & Privilege
The skill does not request permanent presence (always:false) and does not modify other skills or system configuration. It prints URLs or saves files only when explicitly asked. No privileged persistence behavior was detected.
What to consider before installing
This skill appears to implement Qwen Image generation and talks to the DashScope API, but there are a few things to check before installing:

  1. Confirm you are comfortable the agent will read ~/.openclaw/openclaw.json for the API key — ask the author to explicitly declare that config path and to state exactly which JSON fields will be accessed (so it doesn't scan for other secrets).
  2. Prefer setting a dedicated DASHSCOPE_API_KEY environment variable (not a general-purpose secret) to limit exposure.
  3. Ensure the runtime environment has Python 3.10+ and the 'requests' package, or ask the author to add a pip install step to the install spec.
  4. The install uses the Homebrew 'uv' formula — verify this formula is the expected one in your environment.
  5. If you need stronger isolation, run the script in a sandboxed environment or with a scoped API key.

If the author can update the manifest to declare required config paths/env vars and include Python dependencies, the remaining concerns will be reduced.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0


Runtime requirements

🎨 Clawdis
Bins: uv

Install

Install uv (brew)
Bins: uv
brew install uv

SKILL.md

Qwen Image

Generate high-quality images using Alibaba Cloud's Qwen Image API (通义万相).

Usage

Generate an image (returns URL only):

uv run {baseDir}/scripts/generate_image.py --prompt "一副典雅庄重的对联悬挂于厅堂之中" --size "1664*928" --api-key sk-xxx

Generate and save locally:

uv run {baseDir}/scripts/generate_image.py --prompt "一副典雅庄重的对联悬挂于厅堂之中" --size "1664*928" --api-key sk-xxx

With a custom model (supported: qwen-image-max-2025-12-30, qwen-image-plus-2026-01-09, qwen-image-plus):

uv run {baseDir}/scripts/generate_image.py --prompt "a beautiful sunset over mountains" --model qwen-image-plus-2026-01-09 --api-key sk-xxx

API Key

Obtain the API key by checking the following sources in order, then run the image generation command:

  • Get apiKey from models.providers.bailian.apiKey in ~/.openclaw/openclaw.json
  • Or get from skills."qwen-image".apiKey in ~/.openclaw/openclaw.json
  • Or get from DASHSCOPE_API_KEY environment variable
  • Or get your API key from: https://dashscope.console.aliyun.com/
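
A scoped version of this lookup, as an added example (not code from the skill or from OpenClaw): it reads only the two named fields and the environment variable, in the order listed, and hands back nothing else from the config file. The function names `resolve_api_key` and `redact` are hypothetical.

```python
import json
import os
from pathlib import Path

# Lookup order as listed above; each entry is one exact path into the JSON.
CONFIG_KEY_PATHS = (
    ("models", "providers", "bailian", "apiKey"),
    ("skills", "qwen-image", "apiKey"),
)
ENV_VAR = "DASHSCOPE_API_KEY"


def _dig(doc, path):
    """Follow one exact key path; return None if any step is missing."""
    node = doc
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node if isinstance(node, str) and node.strip() else None


def resolve_api_key(config_path, environ=None):
    """Return (key, source) or (None, None); no other config data leaves here."""
    environ = os.environ if environ is None else environ
    try:
        doc = json.loads(Path(config_path).expanduser().read_text(encoding="utf-8"))
    except (OSError, ValueError):
        doc = {}  # missing or malformed config: fall through to the env var
    for path in CONFIG_KEY_PATHS:
        key = _dig(doc, path)
        if key:
            return key, "config:" + ".".join(path)
    key = environ.get(ENV_VAR, "").strip()
    if key:
        return key, "env:" + ENV_VAR
    return None, None


def redact(key):
    """Form safe for logs: keep only the last four characters."""
    return "****" + key[-4:] if key and len(key) > 8 else "****"
```

Logging the returned source string together with `redact(key)` records which credential was used without writing the key itself to agent transcripts.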

Options

Sizes:

  • 1664*928 (default) - 16:9 landscape
  • 1024*1024 - Square format
  • 720*1280 - 9:16 portrait
  • 1280*720 - 16:9 landscape (smaller)

Additional flags:

  • --negative-prompt "unwanted elements" - Specify what to avoid
  • --no-prompt-extend - Disable automatic prompt enhancement
  • --watermark - Add watermark to generated image
  • --no-verify-ssl - Disable SSL certificate verification (use when behind corporate proxy)

Workflow

  1. Execute the generate_image.py script with the user's prompt
  2. Parse the script output and find the line starting with MEDIA_URL:
  3. Extract the image URL from that line (format: MEDIA_URL: https://...)
  4. Display the image to the user using markdown syntax: ![Generated Image](URL)
  5. Do NOT download or save the image unless the user specifically requests it
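
Steps 2 to 4 of this workflow, as an added example (not part of the skill): the script output is treated as untrusted text, so the URL is accepted only if it is https and contains no characters that would break out of the markdown image syntax. The function names and the sample output in the test are constructed for illustration.

```python
from urllib.parse import urlsplit

PREFIX = "MEDIA_URL:"
# Characters that would end or break out of ![alt](URL) in markdown.
UNSAFE = set(" \t\"'<>()[]\\`")


def extract_media_url(script_output):
    """Return the URL from the first MEDIA_URL: line, or None if absent or unsafe."""
    for line in script_output.splitlines():
        line = line.strip()
        if not line.startswith(PREFIX):
            continue
        url = line[len(PREFIX):].strip()
        # Reject control characters and markdown delimiters before parsing.
        if not url or any(ch in UNSAFE or ord(ch) < 0x20 for ch in url):
            return None
        try:
            parts = urlsplit(url)
        except ValueError:
            return None
        if parts.scheme != "https" or not parts.hostname:
            return None
        return url
    return None


def render_markdown(script_output):
    """Build the markdown image line from step 4, or None if no safe URL was found."""
    url = extract_media_url(script_output)
    return f"![Generated Image]({url})" if url else None
```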

Notes

  • Supports both Chinese and English prompts
  • By default, returns image URL directly without downloading
  • The script prints MEDIA_URL: in the output - extract this URL and display it using markdown image syntax: ![generated image](URL)
  • Always look for the line starting with MEDIA_URL: in the script output and render the image for the user
  • Default negative prompt helps avoid common AI artifacts
  • Images are hosted on Alibaba Cloud OSS with temporary access URLs
