face swap

Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: face-swap
Version: 1.0.5

The faceswap skill provides AI video processing by wrapping the verging.ai API, requiring broad permissions including `external_commands`, `network`, and `filesystem` (openclaw.json). The SKILL.md instructions direct the AI agent to construct and execute shell commands using `ffmpeg`, `ffprobe`, and `yt-dlp` with user-provided URLs and file paths, which introduces a significant risk of shell injection. While the behavior is consistent with the stated purpose and no evidence of intentional malice or data exfiltration was found, the high-risk capabilities and potential for exploitation via the command-line interface justify a suspicious classification.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may download videos, process local media, and write temporary/output files when the user asks for a face swap.

Why it was flagged

The skill instructs the agent to run external media/download tools such as yt-dlp, ffmpeg, ffprobe, and curl. This is expected for the stated media-processing purpose, but command execution should remain limited to user-selected files and URLs.

Skill content

Try `yt-dlp "URL" -o /tmp/verging-faceswap/video.mp4`

Recommendation

Review the requested video/image paths and URLs before use, and avoid running the workflow on files you do not intend to upload or modify.

What this means

Anyone with the API key may be able to access the user's verging.ai API functions or spend credits.

Why it was flagged

The skill requires a verging.ai API key and also permits passing it as a command option. This is purpose-aligned for the provider API, but the key grants account/API access and may consume credits.

Skill content

| --api-key | -k | Your API Key | VERGING_API_KEY env |

Recommendation

Prefer the VERGING_API_KEY environment variable over putting keys in command text, keep the key private, and rotate it if it is exposed.

What this means

Face images and videos may leave the device and be stored or served by the external provider/CDN.

Why it was flagged

The workflow uploads the user-selected video and face image to a provider-supplied storage URL and uses a public_url in the job request. This is expected for cloud face swapping, but the artifacts do not describe retention or access controls for uploaded media.

Skill content

Upload video file to the presigned URL ... "public_url": "https://img.panpan8.com/face-swap/2026-03-11/xxx.mp4"

Recommendation

Use only media you are comfortable uploading to verging.ai/provider storage, avoid highly sensitive or non-consensual images, and review the provider's privacy and retention terms.

What this means

It is harder to verify that the skill is officially maintained by the claimed provider before giving it an API key and media.

Why it was flagged

The registry metadata does not provide a verifiable source repository or homepage for this credentialed network skill. This is a provenance gap rather than evidence of malicious behavior.

Skill content

Source: unknown; Homepage: none

Recommendation

Verify the publisher and install source before configuring VERGING_API_KEY, especially if using this with personal videos or face images.