Scan Report
5/100
bailian-image-gen
Alibaba Cloud Bailian Qwen Image 2.0 image generation with ComfyUI integration
Alibaba Cloud Bailian image generation skill with legitimate API integration, no malicious behavior detected.
Safe to install
This skill is safe to use. No security concerns identified.
Security findings: 1
| Severity | Finding | Location |
|---|---|---|
| Low | Dependencies not version-pinned (Supply chain) | requirements.txt:1 |

| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | READ | READ | ✓ Consistent | Line 62-63 in bailian_image_gen.py reads .env; Image.open() reads images |
| File system | WRITE | WRITE | ✓ Consistent | download_image() writes output files (bailian_image_gen.py:130) |
| Network access | READ | WRITE | ✓ Consistent | requests.post() to dashscope.aliyuncs.com API (bailian_image_gen.py:73) |
| Environment variables | READ | READ | ✓ Consistent | os.environ.get('DASHSCOPE_API_KEY') is standard credential access |
| Command execution | NONE | NONE | — | No subprocess or shell execution found |
1 finding
Medium: External URL
https://dashscope.aliyuncs.com/api/v1 (scripts/bailian_image_gen.py:36)
Directory structure
5 files · 23.0 KB · 728 lines
Python 2f · 419L
Markdown 1f · 196L
JSON 1f · 111L
Text 1f · 2L
├─ assets
│  └─ comfyui_workflow.json (JSON)
├─ scripts
│  ├─ bailian_image_gen.py (Python)
│  └─ comfyui_bailian_node.py (Python)
├─ requirements.txt (Text)
└─ SKILL.md (Markdown)
Dependency analysis: 2 items
| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| requests | >=2.28.0 | pip | No | Version not pinned |
| Pillow | >=9.0.0 | pip | No | Version not pinned |
Security highlights
✓ No shell or subprocess execution - uses only HTTP API calls
✓ API key is only sent to legitimate Alibaba Cloud endpoint (dashscope.aliyuncs.com)
✓ base64 encoding is standard practice for image API requests, not obfuscation
✓ No credential harvesting or exfiltration - key used only for authentication
✓ No hidden functionality - all behavior matches documentation
✓ No suspicious network patterns - only connects to documented API endpoint
✓ Clean code structure with proper error handling
✓ Environment variable loading follows standard Python practices