aliyun-image
ReviewAudited by ClawScan on May 1, 2026.
Overview
This appears to be a straightforward Alibaba DashScope image helper, but using it will send prompts/images to Alibaba and use your DashScope API key.
Install only if you are comfortable using an Aliyun DashScope API key and sending the selected prompts/images to Alibaba's service. Confirm local file paths before editing or downloading, and monitor usage because successful image generation or translation can be billed.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Requests may consume the user's Aliyun quota or incur per-image charges.
The skill requires a DashScope API key for Aliyun image generation, editing, and translation. This is purpose-aligned, but it gives the skill authority to make requests under the user's Aliyun account.
export DASHSCOPE_API_KEY="sk-xxxx"
Use a scoped or limited API key if available, keep it out of shared logs, and review generation/editing requests before allowing paid calls.
Local image files selected for editing may be sent to Alibaba DashScope for processing.
When an edit input is a local path, the helper reads that file and embeds it in the API payload. This supports local image editing, but it can upload private files if a sensitive path is supplied.
if os.path.exists(img): ... with open(img, "rb") as f: ... content.append({"image": f"data:image/jpeg;base64,{b64}"})Only provide image URLs or local file paths that you intentionally want to upload to the provider.
A careless save path could replace a local file with downloaded image data.
The download helper writes remote content to a user-supplied local path. This is a normal image-download feature, but the chosen path could overwrite an existing file.
with open(save_path, "wb") as f:
f.write(resp.content)Save downloads to a dedicated output folder and avoid protected or important file paths.