lxyd-ai

wan-image-gen

Author: Agentrix · GitHub · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 459
Favorites: 1
Current installs: 2
Versions: 1
Install in OpenClaw
/install wan
Description
Generate images using Alibaba DashScope wan2.6-t2i model, download to Desktop, and upload to catbox.moe image hosting. Use when the user asks to generate, cr...
Security usage advice
This skill appears to do what it says (call Alibaba DashScope to generate images and upload them to catbox.moe) but there are a few things to check before installing:
  1) The SKILL.md requires DASHSCOPE_API_KEY but the registry metadata lists no required env vars — ask the publisher to correct the metadata so you know beforehand what secret will be used.
  2) SKILL.md contains a literal-looking API key in an example; do not assume it is safe. Treat it as a possible leaked secret and ask the maintainer to remove or redact it.
  3) The workflow writes images to your Desktop and uploads them to a public third-party host (catbox.moe). Confirm you are comfortable with generated images being stored publicly and that no sensitive content will be uploaded.
  4) Verify the DashScope endpoint (dashscope-intl.aliyuncs.com) is the correct official API and use a scoped or disposable API key for initial testing.
  5) Consider updating the skill to prompt the user explicitly before writing files or uploading, and to avoid embedding credentials in docs.
If the publisher clarifies the env var requirement and removes the hardcoded example key, the inconsistencies would be resolved.
Functional analysis
Type: OpenClaw Skill
Name: wan
Version: 1.0.0
The skill is classified as suspicious due to several risky capabilities, even though its stated purpose (image generation, download, upload) appears benign. The `SKILL.md` instructs the AI agent to handle a sensitive `DASHSCOPE_API_KEY` by 'asking the user', which creates a direct prompt injection surface for an attacker to potentially extract the key from the agent. Additionally, the skill directly executes powerful shell commands like `curl` for network operations and `python3 -c` for JSON parsing, which, while used benignly here, represent significant execution capabilities that could be exploited if user input were ever mishandled. Finally, the skill uploads content to `catbox.moe`, an external, untrusted image hosting service, adding an external dependency.
Capability assessment
Purpose & Capability
The skill's description and SKILL.md consistently describe calling Alibaba DashScope (wan2.6-t2i) and uploading results to catbox.moe — that is coherent. However the registry metadata lists no required environment variables while the SKILL.md explicitly requires DASHSCOPE_API_KEY. The missing declaration is an incoherence that affects user expectations of needed credentials.
Instruction Scope
The instructions are concrete (curl to DashScope, download to ~/Desktop, upload to catbox.moe) and stay within the stated purpose. Concerns: (1) SKILL.md includes a literal-looking API key (sk-ec7...), which may be a real secret or a placeholder — embedding keys in docs is risky; (2) the instructions write files to the user's Desktop and upload them to a third-party public host (catbox.moe) without asking for explicit consent in the flow; (3) the guide assumes presence of python3 and standard paths but the registry did not declare those prerequisites.
Install Mechanism
Instruction-only skill with no install steps and no code files — low install risk.
Credentials
Only one credential (DASHSCOPE_API_KEY) is needed according to the SKILL.md which is proportionate. But the registry claims no required env vars, creating an inconsistency. The embedded example API key is an additional risk (possible accidental secret disclosure). No other unrelated credentials are requested.
Persistence & Privilege
`always` is false and the skill does not request persistent system-level privileges or modify other skills' configuration. Autonomous invocation is allowed (platform default) but not combined with other high-risk indicators here.
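How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install wan
  3. Once installation completes, invoke the Skill by name or trigger it with /wan
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history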
v1.0.0
wan-image-gen v1.0.0
- Initial release of the wan-image-gen skill.
- Generates images using Alibaba DashScope wan2.6-t2i model.
- Downloads generated images directly to the user’s Desktop.
- Uploads images to catbox.moe for a public, shareable link.
- Includes step-by-step example workflow and error handling tips.
Metadata
Slug: wan
Version: 1.0.0
License:
Total installs: 2
Current installs: 2
Historical versions: 1
FAQ

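What is wan-image-gen?

Generate images using Alibaba DashScope wan2.6-t2i model, download to Desktop, and upload to catbox.moe image hosting. Use when the user asks to generate, cr... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 459 total downloads to date.

How do I install wan-image-gen?

Run the command "/install wan" in the OpenClaw or Claude Code chat box for one-step installation; no additional configuration is required.

Is wan-image-gen free?

Yes, wan-image-gen is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does wan-image-gen support?

wan-image-gen runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed wan-image-gen?

Developed and maintained by Agentrix (@lxyd-ai); the current version is v1.0.0.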
