ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill Veo3 Video Gen

v1.0.0

Generate and stitch short videos via Google Veo 3.x using the Gemini API (google-genai). Use when you need to create video clips from prompts (ads, UGC-style...

0· 393·1 current·1 all-time
byZero2Ai@zero2ai-hub
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md and bundled script clearly require a Gemini API key (GEMINI_API_KEY) and call a Google Veo model via the google-genai SDK; however the registry metadata lists no required environment variables or primary credential. That mismatch is an incoherence between what the skill needs and what the package declares.
Instruction Scope
Instructions are narrowly focused on generating video, polling the API, downloading files, optionally extracting last frames and concatenating segments with ffmpeg. The script uses subprocess to call ffmpeg and runs a shell check for binaries — these are expected for this functionality. SKILL.md references storing the key in 'openclaw.json' (second key) which is an unexpected storage hint and should be clarified.
Install Mechanism
This is instruction-only with a bundled Python script. There is no install spec that downloads arbitrary code from an external URL. The script declares dependencies (google-genai, pillow) in a header comment; that is normal for a Python script meant to be run in an environment that installs dependencies.
!
Credentials
The runtime requires GEMINI_API_KEY (or --api-key) to call the Gemini/Veo API which is appropriate for the stated purpose, but the registry metadata omits this required environment variable. The skill also asks users to provide keys and mentions fallback to other skills (Runway) — ensure no additional credential requirements are hidden.
Persistence & Privilege
The skill does not request always:true, system-wide config changes, or other elevated privileges. It reads/writes local files (output MP4s, intermediate PNGs) which is expected for this use.
What to consider before installing
This skill appears to implement Veo/Gemini video generation, but the package metadata failing to declare GEMINI_API_KEY is a red flag. Before installing: (1) confirm the publisher/source and ask them to correct the metadata to list GEMINI_API_KEY as required; (2) run the script in an isolated environment (container/VM) the first time; (3) restrict the GEMINI_API_KEY to minimal billing/quota and rotate it after testing; (4) inspect the full generate_video.py (you have a truncated copy here) to ensure there are no unexpected network endpoints or data-exfiltration steps; (5) ensure ffmpeg and any dependencies are installed from trusted sources. If the source is unknown/untrusted, do not provide production API keys or sensitive credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fgrb358grsy74gabwmdsgr1823mp2
393downloads
0stars
1versions
Updated 8h ago
v1.0.0
MIT-0
Zero2Ai@zero2ai-hub
latest
Download

Veo 3 Video Generation (Gemini API)

Use the bundled script to generate an MP4 from a text prompt.

Generate (text → video)

uv run {baseDir}/scripts/generate_video.py \
  --prompt "A close up of ..." \
  --filename "out.mp4" \
  --model "veo-3.1-generate-preview" \
  --aspect-ratio "9:16" \
  --poll-seconds 10

Generate a longer video by stitching segments

Veo commonly outputs ~8s clips per request. Use --segments to generate multiple clips and concatenate them with ffmpeg.

Important: This skill sends one prompt per segment (one Veo request per segment). Use --base-style to keep style consistent across segments.

uv run {baseDir}/scripts/generate_video.py \
  --prompt "Same scene, consistent style..." \
  --filename "out-24s.mp4" \
  --model "veo-3.1-generate-preview" \
  --aspect-ratio "9:16" \
  --segments 3 \
  --segment-style continuation

Options:

  • --base-style "...": prepended to every segment prompt (recommended).
  • --segment-prompt "..." (repeatable): provide one prompt per segment (overrides --prompt).
  • --segment-style continuation (default): appends continuity instructions per segment (only when using --prompt).
  • --segment-style same: uses the exact same prompt for each segment (only when using --prompt).
  • --use-last-frame: for segment >=2, extract previous segment last frame and pass it as lastFrame for continuity.
  • --emit-segment-media: print MEDIA: for each segment as it finishes (useful for progress).
  • --keep-segments: keep intermediate *.segXX.mp4 files.
  • --reference-image path.jpg (repeatable): guide generation with product/style references.

Requirements

  • GEMINI_API_KEY env var (or --api-key).
  • ffmpeg on PATH when using --segments > 1.

Troubleshooting

  • 429/RESOURCE_EXHAUSTED: API key has no quota/billing for video.
  • 503/UNAVAILABLE: model overloaded; retry later.

Rate Limits & Fallback

  • Veo 3.1 has per-minute quota — on 429, wait 60s and retry
  • Fallback to Runway Gen4 Turbo when rate-limited (use skill-runway-video-gen)
  • Key location: GEMINI_API_KEY env var (second key in openclaw.json)

Rate Limits & Fallback

  • Veo 3.1 has per-minute quota — on 429, wait 60s and retry
  • Fallback to Runway Gen4 Turbo when rate-limited (use skill-runway-video-gen)
  • Key location: GEMINI_API_KEY env var

Comments

Loading comments...