Skill v1.0.0

ClawScan security

Video Pro by cza999 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 7, 2026, 7:13 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill largely matches a text→video generator, but there are declaration mismatches (required environment variables and binaries that the metadata does not declare), the local scripts persist sensitive keys in plaintext logs and config, and the SKILL.md advertises external APIs/endpoints that the bundled scripts do not call — the combination merits caution.
Guidance
This skill appears to be a legitimate text→video generator, but there are several things to check before installing:
1) The SKILL.md requires OPENAI_API_KEY and a license key, but the package metadata does not declare them; expect to provide your OpenAI key and a license.
2) The scripts write license keys and user-provided scripts into files and logs under $HOME/.video-pro and the project output; the activation script saves the license key and appends it to a log in plaintext. Avoid entering high-value or reused secrets until you trust the code and hosting.
3) The skill instructs you to clone an external GitHub repo (ZhenRobotics/openclaw-video) and to run npm install; inspect that repository for any network calls or unexpected scripts before running it.
4) The SKILL.md advertises remote APIs/webhooks (api.video-pro.cza999.com); those are external services, so only send license keys or personal data to those endpoints after verifying the vendor.
5) Ensure your system has the required tools (jq, ffprobe/ffmpeg, uuidgen, git, node, npm); the manifest only lists git/node/npm, and missing declarations are a sign to audit manually.
Recommended actions: inspect the GitHub repo and the scripts in it, run the activation step in a restricted environment or with test keys, and avoid using production OpenAI billing keys until you confirm there is no unexpected network exfiltration in the full codebase.

Review Dimensions

Purpose & Capability
note: The name, description, and scripts align with a text→video generation tool that may use an external video project (openclaw-video) and OpenAI for TTS/LLM work. The repository dependency and git+npm workflow are coherent for this purpose. However, the metadata and runtime instructions do not fully declare all real requirements (see environment/binaries below), and the README/API claims (hosted API, webhooks) rely on external services not implemented in the included scripts.
Instruction Scope
concern: SKILL.md instructs the user to set OPENAI_API_KEY, to provide a license key (VIDEO_PRO_LICENSE), and to clone a GitHub repo. The bundled scripts require and read/write files under $HOME/.video-pro and write logs that include the provided license and user scripts. The SKILL.md also provides curl examples that would send a license key to api.video-pro.cza999.com — the included scripts do not perform such network calls, which is an inconsistency the user should notice before sending secrets to external endpoints.
Install Mechanism
note: There is no registry install spec in the package itself, but SKILL.md and _meta.json instruct cloning an external GitHub repo (ZhenRobotics/openclaw-video) and running npm install. Cloning a known GitHub repo is typical; nothing in the included scripts downloads or executes code from arbitrary IPs or paste sites. Still, the external repo is required and should be reviewed before installation.
Credentials
concern: The skill asks the user to set OPENAI_API_KEY and an optional VIDEO_PRO_LICENSE in SKILL.md, but the published metadata lists no required env vars. The runtime scripts in this package explicitly require OPENAI_API_KEY and also rely on tools/utilities (jq, ffprobe/ffmpeg, uuidgen) not declared in the manifest. The activation script persists license_key by writing it in plaintext to $HOME/.video-pro/license.key and also appends it to activation.log, a sensitive practice that could expose the secret if the host is compromised or logs are collected.
Persistence & Privilege
concern: The skill creates and writes configuration and logs under the user's home (~/.video-pro and project output/logs). That is expected for an app, but the activation script stores license keys and writes lines containing license_key | $USER@hostname to activation.log in plaintext — a privacy/security risk. The skill is not marked always:true and does not alter other skills, but its local persistence of secrets and logs is significant and requires user attention.