Wan Image and Video Generation and Editting
v1.0.2Image and Video Generation and Editting wiht Wan series models. It offers text2image, image editting(with prompt), text2video, image2video and reference(imag...
⭐ 9· 3.6k·28 current·29 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill describes image/video generation and editing with Wan models and the included script calls Dashscope endpoints (dashscope.aliyuncs.com). Declared requirements (python3 and DASHSCOPE_API_KEY) are appropriate and necessary for the functionality.
Instruction Scope
SKILL.md instructs running the bundled Python script which base64-encodes local image/video files and posts them to the Dashscope API. Reading local media files is required for image-edit / image2video tasks, but the script will accept arbitrary local paths you supply — that can lead to accidental upload/exfiltration of sensitive files if misused. The script also prints full API responses to stdout.
Install Mechanism
There is no install step or remote download. The skill ships a single Python script and relies on an existing python3 binary; this is low-risk compared to fetching/executing remote archives.
Credentials
Only one environment variable is required: DASHSCOPE_API_KEY (the declared primary credential). That is expected for a hosted-model API client. The key is sent as a Bearer token to Dashscope endpoints and thus grants the remote service the ability to consume your account and incur usage.
Persistence & Privilege
The skill does not request permanent/always-on inclusion, does not modify other skills or system-wide settings, and contains no installation hooks that would persist beyond executing the provided script.
Assessment
This skill is internally consistent and appears to do what it says: it calls Alibaba Dashscope (Wan) APIs and needs your DASHSCOPE_API_KEY. Before installing/using: (1) Confirm you trust the Dashscope endpoint and the skill author; the homepage appears to point at an Alibaba console. (2) Treat DASHSCOPE_API_KEY like a secret—do not share it and expect that calls will consume your account quota and may incur charges. (3) When supplying local file paths, only provide non-sensitive image/video files: the script will base64-encode and upload whatever path you give it, so avoid pointing it at system or private files. (4) If you want extra safety, run the script in a sandboxed environment or inspect/run the script manually to see its network activity (it posts to https://dashscope.aliyuncs.com and related regional hostnames). (5) Rotate or revoke the API key if you stop using the skill. If you want me to, I can walk through the script line-by-line or show exactly what network requests it will make.Like a lobster shell, security has layers — review code before you run it.
latestvk97dd91ae16emcgxqr9ekh26s182s245
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔍 Clawdis
Binspython3
EnvDASHSCOPE_API_KEY
Primary envDASHSCOPE_API_KEY