qwen-vision

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script located at ${CLAUDE_PLUGIN_ROOT}/skills/qwen-vision/scripts/qwen_bridge.py using python3 to facilitate multimodal analysis.
  • [EXTERNAL_DOWNLOADS]: Requires the installation of the dashscope Python package from standard package registries to interact with the Qwen API.
  • [DATA_EXFILTRATION]: Transmits user-provided video and image files to the Alibaba Cloud DashScope API for processing. This transmission is the primary intended function of the skill and is clearly documented.
  • [SAFE]: Manages API authentication using the DASHSCOPE_API_KEY environment variable, which is a standard security practice for avoiding hardcoded credentials.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 04:20 PM
Security Audit — agent-trust-hub — qwen-vision