AI Notes Video

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: ai-notes-video
Version: 1.0.0

The skill is designed to generate AI notes from a video URL using Baidu's API. It requires a `BAIDU_API_KEY` from the environment, which is used for authentication with the legitimate Baidu Qianfan API endpoint `https://qianfan.baidubce.com`. The Python scripts (`scripts/ai_notes_task_create.py` and `scripts/ai_notes_task_query.py`) perform standard HTTP requests to this endpoint, passing the video URL or task ID. There is no evidence of data exfiltration to unauthorized endpoints, malicious execution, persistence mechanisms, or prompt injection attempts in `SKILL.md` that would lead to harmful actions by the agent.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill can use the configured Baidu API credential and may consume that account's API quota or access rights for this notes workflow.

Why it was flagged

The script reads a Baidu API key from the environment and uses it as a bearer token for the Baidu API.

Skill content

`api_key = os.getenv("BAIDU_API_KEY")` ... `"Authorization": "Bearer %s" % api_key`

Recommendation

Use a Baidu API key intended for this purpose, avoid sharing broad or production credentials, and rotate or revoke the key if it is no longer needed.

What this means

Baidu receives the video URL and may access or process the linked video content.

Why it was flagged

The user-provided video URL is sent to Baidu's Qianfan API so Baidu can create the AI notes task.

Skill content

`url = "https://qianfan.baidubce.com/v2/tools/ai_note/task_create"` ... `params = { "url": video_url }` ... `requests.post(url, headers=headers, json=params)`

Recommendation

Only submit video URLs that you are comfortable sharing with Baidu, especially if the URL is private, signed, or points to confidential content.

What this means

The skill may fail or ask for credentials/dependencies that were not surfaced in the registry metadata.

Why it was flagged

The registry metadata under-declares setup requirements because SKILL.md and the scripts require Python and BAIDU_API_KEY, and the scripts import the requests package.

Skill content

Required binaries (all must exist): none ... Required env vars: none ... Primary credential: none

Recommendation

Before use, verify that Python, the requests package, and BAIDU_API_KEY are intentionally configured in the runtime environment.