Cn Video Gen

This skill contains useful scripts to call Wan2.6 video-generation, but there are several red flags you should address before installing or running it: - Missing/undeclared credentials: The registry lists no required env vars, yet generate.py requires DASHSCOPE_API_KEY and SKILL.md documents additional Kling keys. Confirm which credentials are actually required and only provide them if you trust the endpoints. - Hard-coded token: upload_image.py embeds IMGURL_TOKEN and UID defaults. Treat this as suspicious — the token may be valid and will send any uploaded images to a third-party account. Do not run the upload script with sensitive images until you remove or replace the hard-coded credentials. Prefer setting IMGURL_... via environment variables and rotate any tokens you own if they were exposed. - Kling support mismatch: SKILL.md mentions Kling (Kling V2) but there is no implementation in the provided scripts. If you need Kling, request the author provide code or remove the claim. - Missing TOOLS.md: the instructions reference a TOOLS.md for credentials/config that isn't included; ask the author for it or for clearer runtime requirements. - Data exposure: both scripts make outbound network requests (to DashScope/Aliyun and ImgURL). If privacy of input images or generated videos matters, review the remote services' policies and avoid uploading sensitive content. Recommended actions: 1) Inspect and remove the embedded IMGURL_TOKEN from upload_image.py; replace with reading from environment and require the user to set it. 2) Confirm the validity and least-privileged scope of any API keys used (rotate them if they were accidentally leaked). 3) Ask the publisher to update the skill manifest to declare required env vars and to either implement or remove Kling support. 4) Only run the scripts in a controlled environment and avoid uploading private images until you are satisfied with the destination and credential handling.