ClawHub

Bona Movie Production

v1.0.1

Bona Movie Production is Bona Group's film-grade production skill. It covers image generation, image editing, and video generation, using Nano Banana 2 and N...

2· 150·0 current·0 all-time
byGenaro Kaba@chengzipidaily
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (image generation, editing, video) match the included Python client and SKILL.md which call model endpoints (generate_image_*, generate_video_*). The required BONA_API_KEY is expected for an API-backed generation service.
Instruction Scope
SKILL.md instructs setting BONA_API_KEY and running the provided Python script with arguments; it only references generating images/videos, polling task status, and using image URLs. There are no instructions to read unrelated system files or export other secrets.
Install Mechanism
No install spec is provided (instruction-only skill with a bundled script). The declared dependency is requests and Python 3.9+, which matches the script's usage. There are no downloads from untrusted URLs or archive extraction steps.
Credentials
Only BONA_API_KEY (required) and an optional TENCENT_VIDEO_TIMEOUT are declared. These are proportionate: the client authenticates to create.bonanai.com and the timeout variable is plausibly used for long-running video generation.
Persistence & Privilege
Skill is not always-enabled, does not request system-wide config paths, and does not declare elevated persistence. The bundled script interacts with remote APIs but does not appear to modify other skills or global agent settings.
Assessment
This skill appears coherent for calling Bona's create.bonanai.com generation APIs and only requires a single BONA_API_KEY. Before installing: (1) confirm you trust the endpoint create.bonanai.com and the skill author, since the key grants API access; (2) run the script in an isolated environment or sandbox if you are unsure; (3) review the full script for any code paths that upload local files or send data to other domains (the provided snippet looks benign, but the file was truncated in the review); (4) store and rotate the API key as you would any service credential; (5) ensure the runtime has requests installed and that network access to the service is allowed.

Like a lobster shell, security has layers — review code before you run it.

latestvk9757dzvg5n2gzxcafyqyf01p983cvvx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments