ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AIML Generate images and videos

v1.0.2

Generate images or videos via AIMLAPI from prompts. Use when Codex needs reliable AI/ML API media generation with retries, explicit User-Agent headers, and a...

0· 1.4k·4 current·6 all-time
byAI/ML API@aimlapihello
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, declared env var (AIMLAPI_API_KEY), example endpoints (/v1 images, /v2 video), and included scripts all align with a media-generation helper for AIMLAPI.
Instruction Scope
SKILL.md only instructs exporting AIMLAPI_API_KEY and running the provided scripts. The scripts perform expected actions: build payloads, POST to AIMLAPI, poll the async video endpoint, and download returned media. They do not read unrelated system files or request unrelated credentials.
Install Mechanism
No install spec (instruction-only) and bundled scripts only; nothing is downloaded during install and no external installers or archive extraction are used.
Credentials
Only AIMLAPI_API_KEY is required (with optional --apikey-file). That matches the skill's purpose. No unrelated secrets or config paths are requested.
Persistence & Privilege
Skill is not always-enabled, does not request elevated/system-wide persistence, and does not modify other skills or agent configs.
Assessment
This skill appears to do what it says: it requires AIMLAPI_API_KEY and will POST prompts to api.aimlapi.com and download returned media URLs. Before installing, verify the AIMLAPI service and that you trust the skill source (homepage unknown). Protect the API key (use a scoped key if possible, and secure any --apikey-file). Be aware that downloaded media URLs come from the remote API — validate or sandbox usage if you worry about malicious payloads or unexpected content. Finally, avoid including sensitive data in prompts sent to the remote API.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ctpb34qc7bzn5h4qkxwz1bx81w7aq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Environment variables
AIMLAPI_API_KEYrequired

Comments