Tensorslab Video
PassAudited by ClawScan on May 1, 2026.
Overview
The artifacts describe a coherent TensorsLab video-generation helper; use it only if you are comfortable providing a TensorsLab API key and sending chosen prompts/images to that service.
Before installing, confirm you are comfortable installing the Python dependency, setting a TensorsLab API key, potentially spending account credits, sending selected prompts/images to TensorsLab, and saving generated videos locally. Avoid sensitive source images unless you trust the provider's handling, and review the script's proxy setting if your network requires proxy use.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill requires granting the script access to a TensorsLab API key, and generation may consume account credits.
The skill requires an account API key to call TensorsLab. This is purpose-aligned, but the registry metadata lists no required environment variables or primary credential, so users may miss the account-access requirement.
Requires TENSORSLAB_API_KEY environment variable.
Use a dedicated TensorsLab API key if possible, avoid sharing logs that might contain task details, and update the metadata to declare the required credential.
Private prompts or source images provided to the skill will be transmitted to TensorsLab for processing.
The script sends the prompt and any selected local source image files to the external TensorsLab API. This is disclosed and expected for image/video generation, but it is still a third-party data flow.
files = [("prompt", (None, prompt)), ...]; files.append(("sourceImage", (os.path.basename(img_path), f))); response = _SESSION.post(endpoint, headers=headers, files=files, timeout=60)Only provide images and prompts you are comfortable sending to TensorsLab, and review the provider's data-handling terms if the content is sensitive.
The installed dependency version will come from the user's current Python package index and environment, which can affect reproducibility and supply-chain assurance.
The skill instructs users to install an unpinned dependency manually, while the install specs do not declare a dependency or lockfile. `requests` is a normal dependency for this API client, but the exact package version is not controlled by the artifacts.
pip install requests
Install dependencies in a trusted environment, and prefer a pinned requirements file or formal install spec for repeatable installation.
TensorsLab API calls and result downloads may not follow the user's usual proxy path.
The script configures its requests session with empty HTTP/HTTPS proxy settings. This appears scoped to the skill's API/download session, but users who rely on a configured network proxy should notice it.
_SESSION.proxies = {"http": "", "https": ""}If your environment requires a proxy for security, privacy, or policy reasons, review or adjust the session proxy settings before use.