v1.0.0

Qwen Image

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:25 AM.

Analysis

The skill appears to do what it claims—generate images through Alibaba Cloud DashScope—but users should handle the API key and cloud-hosted outputs carefully.

Guidance: This skill looks purpose-aligned and not malicious. Before installing, make sure you are comfortable sending prompts to Alibaba Cloud, use a dedicated DashScope API key, avoid putting secrets in prompts, and only allow local file saving to paths you explicitly choose.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: Low | Confidence: Medium | Status: Note
scripts/generate_image.py
print(f"Prompt: {args.prompt}") ... print(f"MEDIA_URL: {image_url}")

The script prints the raw prompt before printing a machine-parsed MEDIA_URL marker; combined with SKILL.md's line-based MEDIA_URL parsing workflow, prompts containing newlines could spoof marker-like output.

User impact: A malformed or copied prompt could cause the agent to render an unintended URL instead of the actual generated image URL.
Recommendation: Sanitize or escape user prompts in logs, or emit structured JSON and parse only the final trusted result field.
Agentic Supply Chain Vulnerabilities
Severity: Info | Confidence: High | Status: Note
scripts/generate_image.py
# dependencies = [
#     "requests>=2.31.0",
# ]

The uv script declares an external Python dependency using a version lower bound rather than a pinned lockfile.

User impact: Running the skill may resolve and install a newer compatible requests package from the package ecosystem.
Recommendation: For stronger reproducibility, pin exact dependency versions or include a reviewed lockfile.
Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
scripts/generate_image.py
if args.filename:
    output_path = Path(args.filename)
    output_path.parent.mkdir(parents=True, exist_ok=True)

The script can create parent directories and write the downloaded image to a user-supplied path, which is expected for a save option but should remain user-directed.

User impact: If an unsafe filename is chosen, the script could overwrite a local file with downloaded image data.
Recommendation: Save only to user-approved paths, avoid protected or ambiguous filenames, and consider adding overwrite confirmation or output-directory restrictions.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
SKILL.md
Get apiKey from `models.providers.bailian.apiKey` in `~/.openclaw/openclaw.json` ... Or get from `DASHSCOPE_API_KEY` environment variable

The skill is expected to need a DashScope credential, but it directs use of a local config-stored API key or environment variable while the registry metadata declares no primary credential or env var.

User impact: The skill may use a cloud API key that can authorize requests and potentially incur usage charges on the user's Alibaba Cloud account.
Recommendation: Use a dedicated DashScope key with the minimum needed scope, prefer environment or skill-specific configuration over pasting keys into shared command history, and declare the credential requirement in metadata.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
scripts/generate_image.py
requests.post("https://dashscope.aliyuncs.com/api/v1/services/aigc/multimodal-generation/generation", ... json=payload

The script sends the user's prompt and generation parameters to the DashScope cloud API, which is purpose-aligned but means prompt content leaves the local environment.

User impact: Sensitive text included in prompts may be transmitted to Alibaba Cloud, and generated images are returned as cloud-hosted URLs.
Recommendation: Avoid including private or regulated information in prompts unless the user is comfortable with DashScope handling it, and review Alibaba Cloud's data handling terms.