OpenVid
v1.0.7Generate branded 15-180 second HD motion graphics explainer videos by providing a prompt with brand info and URL via OpenVid on Base network.
⭐ 2· 739·0 current·0 all-time
by@aklo360
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name and description claim a branded motion-graphics video generation service and the SKILL.md only documents HTTP API calls to gateway.openvid.app and an on-chain payment flow. The skill requests no environment variables, no binaries, and has no install step — all of which are proportionate to an instruction-only API wrapper.
Instruction Scope
Runtime instructions are limited to: POST to /v1/video/generate, handle 402 payment responses, pay on-chain, resend with X-Payment, and poll job status. The document explicitly states the service fetches any provided public URL to extract brand assets and warns not to send internal/private URLs. There are no instructions to read local files, access unrelated env vars, or send data to unexpected endpoints beyond gateway.openvid.app and the documented payment networks.
Install Mechanism
No install spec and no code files — the skill is instruction-only. This minimizes disk/write risk and matches the declared design (documentation for an external API).
Credentials
The skill declares no required environment variables or credentials. It references the agent's wallet for signing on-chain payments but does not request private keys or other secrets. This is proportionate: a pay-per-call API requires payment signing, and the skill correctly delegates signing to the agent/wallet infrastructure.
Persistence & Privilege
The skill is not always-enabled and uses normal autonomous-invocation defaults. It does not request persistent system changes or modify other skills' configuration.
Assessment
This skill simply documents a paid external API and appears internally consistent, but take these precautions before installing or using it:
- Confirm the endpoint (gateway.openvid.app) and website (openvid.app) are legitimate and match the vendor you expect.
- Never send private/internal URLs or proprietary content; the service fetches any URL you provide and will see its contents.
- The payment flow requires your agent/wallet to sign on-chain transactions. Ensure your agent's wallet is configured to require user approval for payments and will not auto-pay without explicit consent.
- Double-check the on-chain payTo addresses and amounts returned in the 402 response before sending funds. Consider testing with the smallest amount first.
- Verify the retention policy (videos stored 7 days) and confirm that meets your privacy/compliance needs.
- If you rely on ClawHub/third-party listings, validate the publisher identity (AKLO Labs / linked website) independently.
If you need stronger assurance, ask the skill author for an API manifest or an official integration URL and test a single request manually (curl) to observe the 402 flow and payment metadata.Like a lobster shell, security has layers — review code before you run it.
latestvk975gma23drqphw2ff3tapce5981e0kt
License
MIT-0
Free to use, modify, and redistribute. No attribution required.