vwu.ai Veo Models
Pass. Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: vwu-veo
Version: 1.0.0
The skill bundle provides a command-line interface for the vwu.ai API. However, the script `vwu-chat.sh` contains a shell injection vulnerability because it expands the `$PROMPT` and `$MODEL` variables directly within a double-quoted string in the `curl` command. This allows arbitrary command execution on the host system if the input contains shell metacharacters (e.g., `$(command)` or backticks). While the script appears intended for legitimate API interaction, the lack of input sanitization poses a significant security risk.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The key can authorize paid or quota-limited vwu.ai API usage, and a small key prefix could appear in logs or chat transcripts.
The script authenticates with a vwu.ai bearer API key and may print a masked prefix on quota errors. This is expected for the stated service, but it is still account/quota authority and the registry metadata does not declare a primary credential.
-H "Authorization: Bearer $VWU_API_KEY" ... echo "当前 key: ${VWU_API_KEY:0:8}***"
Use a dedicated vwu.ai API key with appropriate quota limits, avoid sharing logs that include key fragments, and declare VWU_API_KEY as a required credential in metadata.
Prompt contents leave the local environment and are sent to the configured API endpoint.
The user prompt is transmitted to vwu.ai, or to a different endpoint if VWU_BASE_URL is set. This is central to the skill's purpose, but it defines an external data boundary.
VWU_BASE_URL="${VWU_BASE_URL:-https://vwu.ai}" ... "$VWU_BASE_URL/v1/chat/completions" ... "content": "$PROMPT"
Do not include secrets or sensitive private data in prompts unless you trust the provider's handling, and only set VWU_BASE_URL to a trusted HTTPS endpoint.
The skill may fail at runtime or rely on local tools the user did not expect.
The helper script depends on zsh, curl, and jq, while the provided requirements declare no required binaries and there is no install spec. The dependencies are purpose-aligned but under-declared.
#!/bin/zsh ... response=$(curl -s ...); ... jq -r '.choices[0].message.content'
Declare the required binaries in metadata or verify that zsh, curl, and jq are available before use.
Following the example exactly may send the wrong arguments or produce an API error.
The documented example uses a --model flag, but vwu-chat.sh prints the actual usage as `vwu-chat <model> <prompt>`. This mismatch appears operational rather than deceptive, but it could cause incorrect invocation.
vwu-chat --model veo-2.0-generate-001 "你的问题"
Use the script's positional format, such as `vwu-chat veo-2.0-generate-001 "你的问题"`, or update the documentation to match the helper.
