Qwen Video (Wan)

This skill appears to do what it says (submit a DashScope Wan t2v job, poll it, and download the mp4), but there are several things you should consider before installing or running it: - Metadata mismatch: The registry claims no required environment variables or binaries, yet the SKILL.md and scripts require DASHSCOPE_API_KEY and CLI tools (curl, bash, python3). Treat the manifest as incomplete and verify you provide only a key with least privilege. - TLS verification disabled: The scripts use curl -k which skips certificate validation. Prefer removing -k to ensure TLS certificates are checked, or only run the scripts in a trusted network if you cannot change them. - Prompt / JSON handling: submit.sh interpolates prompt text directly into JSON; avoid running untrusted prompts that might break the JSON or include unexpected characters. Consider sanitizing or escaping input before use. - Filesystem writes: The skill will download and write video files to paths you specify. Ensure you choose a safe output path and run in an environment where writing is acceptable (e.g., not a sensitive system directory). Recommended actions: review the scripts locally, add DASHSCOPE_API_KEY to the skill manifest or your environment, ensure curl and python3 are installed, remove the -k flags or validate certificates, and consider running first in an isolated environment. If the publisher can update the package metadata to declare required env vars and binaries and remove -k, the incoherence would be resolved and my confidence would increase.