ecommerce-image-suite

This skill appears to implement the advertised e‑commerce image workflow, but review and be cautious before installing or running it: - Confirm which provider key you will supply. The skill lists DASHSCOPE_API_KEY as required (Tongyi / DashScope). Optional keys for OpenAI, Google Gemini, Stability, ARK/豆包 are also recognized — only set the keys you intend to use. - There are inconsistent environment variable names in the code/documentation (e.g., DOUBAO_API_KEY vs ARK_API_KEY). Double‑check the script you run (check_providers.py vs generate.py) to ensure the environment variable names you set are actually detected. - The generate scripts allow custom --base-url / *_BASE_URL values (proxy endpoints). If you use a proxy URL, the script will send your API key and prompt/image data to that proxy. Only use trusted proxy endpoints (prefer official provider endpoints) — untrusted proxies can harvest your API keys and uploaded images. - The skill will send product images/prompts to external services (image generation and the 'visual analysis' step). Do not supply sensitive or private images unless you accept they will be transmitted to those providers. - check_providers prints a key preview; avoid running it where its stdout could be captured by others if you care about leaking partial key data. - If you plan to use this in production, consider: (1) fixing the env var name mismatches in the code, (2) adding explicit validation/whitelisting for allowed base_url values, and (3) limiting logging of API keys/partials. If you are unsure about trusting provider endpoints or proxies, test the skill in a controlled environment with non-sensitive images and short‑lived API keys that you will rotate afterward.