neo-ai

This skill appears to implement exactly what it claims: it calls Neodomain endpoints to generate images and videos and requires NEODOMAIN_ACCESS_TOKEN. Before installing, consider: - Trust & token scope: The NEODOMAIN_ACCESS_TOKEN gives the skill access to your Neodomain account (generate jobs, possibly view/upload media). Only install if you trust the Neodomain provider and this skill's author. Treat that token like any API secret. - Uploads of your files: Storyboard/reference images are uploaded to the provider's OSS (the code calls a provider STS endpoint and then uploads to an OSS bucket). Do not point the tool at sensitive local files unless you intend to upload them. - Login flow & personal contact: The provided login flow sends a verification code to a phone number or email you supply. That is required to obtain a token — only provide contact information you are comfortable sharing with the provider. - Dependencies & runtime: There is no install manifest. The scripts expect python3 and at least the 'oss2' package for OSS uploads. If you run locally, install required Python packages in a controlled environment (venv) and review the scripts before running. - Network endpoints: All network activity is to story.neodomain.cn and related OSS hosts; confirm those endpoints are what you expect for Neodomain. If you need a higher assurance, review the code and the provider's documentation or run the scripts in an isolated environment first. If these behaviors are acceptable, the skill is coherent with its purpose. If you are uncertain about trusting the remote endpoints or exposing media/tokens, do not install or run until you confirm provenance and inspect the code yourself.