OpenFun

Pass. Audited by ClawScan on May 1, 2026.

Overview

OpenFun appears aligned with AI short-video creation, but it installs an external CLI, stores an OpenFun login token locally, and can automate batch renders that may use account credits.

Before installing, make sure you trust the openfun-cli npm package and are comfortable logging into OpenFun on this machine. When using the skill, give explicit limits for how many trends, remixes, and renders to create so it does not consume more plan credits than intended.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the skill adds a global command from npm that will be used to interact with the OpenFun service.

Why it was flagged

The skill installs and relies on an external npm CLI package. This is central to the stated video workflow, but the user is trusting that package and its provenance.

Skill content

node | package: openfun-cli | creates binaries: openfun

Recommendation

Install only if you trust the OpenFun CLI package/source, and consider reviewing the npm package or repository before use.

What this means

Anyone or any process with access to that token may be able to use the associated OpenFun account and credits.

Why it was flagged

The skill requires logging into OpenFun and stores a persistent local auth token. This is expected for the service, but it grants access to the user's OpenFun account.

Skill content

openfun login
...
Login opens a browser for auth. Token persists in `~/.openfun/config.json`.

Recommendation

Protect the local token file, use only the intended OpenFun account, and revoke or log out if the device or token may be exposed.

What this means

An overly broad request could use up monthly remix/video credits or generate more content than intended.

Why it was flagged

The documented automation and batch rendering are purpose-aligned, but they can create multiple assets and consume plan quotas without additional CLI prompts.

Skill content

No interactive prompts — fully automatable
...
Batch multiple remixes, then render them all

Recommendation

Specify limits such as niche, count, brand, and maximum renders before asking the agent to run batch workflows.