Skills
skills/cinience/alicloud-skills/aliyun-wan-image/Gen Agent Trust Hub

aliyun-wan-image

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The SKILL.md file contains validation commands to create directories (mkdir) and compile Python scripts (py_compile) to ensure the environment is correctly set up.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the dashscope package from PyPI. Additionally, the generate_image.py script downloads generated images from the official Alibaba Cloud DashScope API endpoints (dashscope.aliyuncs.com) using urllib.request.urlopen.
  • [CREDENTIALS_UNSAFE]: The script scripts/generate_image.py is designed to read API keys from standard locations, including the ~/.alibabacloud/credentials file and .env files. This is consistent with the official Alibaba Cloud SDK documentation for managing service authentication securely.
  • [DATA_EXFILTRATION]: The script reads local configuration files and transmits data to the DashScope API. This behavior is documented and necessary for the skill's primary function of generating images via the remote AI service.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 2, 2026, 06:49 AM