Ai Video Remix
ReviewAudited by ClawScan on May 1, 2026.
Overview
The skill is a coherent video-remix helper, with cautions around its separately cloned runtime, required ShotAI token, optional LLM keys, and possible use of video-library metadata with the selected LLM provider.
This appears safe to consider if you want a ShotAI-based local video remix workflow, but review the separate GitHub runtime before running it, protect the ShotAI/LLM credentials in your .env file, and use local or no-LLM mode for private video libraries.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the tool means trusting the separately cloned repository and its npm dependencies, not just the installed skill files.
The reviewed skill package is documentation-only and instructs users to fetch and run separate Node runtime code and dependencies from GitHub.
This skill does not bundle runtime code. Clone the source repository first. ... git clone https://github.com/abu-ShotAI/ai-video-remix.git ... npm install ... npx tsx src/skill/cli.ts
Clone only from the expected repository, consider pinning or reviewing the commit and dependency lockfile, and verify the working directory before running npm install or npx.
If the .env file or tokens are exposed, someone could access the configured ShotAI MCP server or use the configured LLM account.
The configuration uses a ShotAI MCP token and can optionally use LLM provider API keys. These credentials are expected for the workflow, and the artifacts do not show hardcoding or leakage.
SHOTAI_TOKEN=<token> ... ANTHROPIC_API_KEY=sk-ant-... ... OPENAI_API_KEY=sk-... ... OPENAI_COMPAT_API_KEY=sk-...
Keep .env private, use trusted local/LLM endpoints, avoid committing credentials, and rotate tokens if they may have been exposed.
Private video names, tags, summaries, or samples may become part of prompts sent to the selected LLM provider when LLM/probe modes are used.
The skill can use external or OpenAI-compatible LLM providers, and probe mode uses local video-library metadata as planning context.
Works with any OpenAI-compatible LLM API ... Probe mode (`--probe`): Scans library videos first (names, shot samples, mood/scene tags), then LLM generates custom slots tailored to what actually exists.
For sensitive footage, use AGENT_PROVIDER=none or a trusted local provider such as Ollama, avoid probe mode unless needed, and review the selected provider’s privacy/retention policies.