ClawHub

OATDA Video Status

v1.0.2

Check the status of an asynchronous video generation task from OATDA. Triggers when the user wants to check if a video is done generating, retrieve the video...

0· 40·0 current·0 all-time
by@devcsde
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the requested artifacts: curl and jq are needed to make and parse the HTTP GET, OATDA_API_KEY is the expected credential, and ~/.oatda/credentials.json is the expected local config. There are no unrelated credentials, binaries, or surprising capabilities requested.
Instruction Scope
SKILL.md limits actions to resolving the API key (env or the declared credentials.json) and issuing a GET to https://oatda.com/api/v1/llm/video-status/<TASK_ID>. It does not instruct reading other files, scanning system state, or sending data to third-party endpoints outside oatda.com. It also includes a clear admonition to avoid printing the full API key.
Install Mechanism
This is instruction-only with no install spec and no downloaded code. That is the lowest-risk install posture and consistent with the skill's function.
Credentials
Only a single service credential (OATDA_API_KEY) and a single config path (~/.oatda/credentials.json) are required, which is proportional to the task. No unrelated secrets or numerous env vars are requested.
Persistence & Privilege
always is false and the skill does not request persistent system-wide changes or elevated privileges. The default ability for the model to invoke the skill autonomously is normal for skills and is not combined with other concerning factors here.
Assessment
This skill appears to do only what it says: read your OATDA API key (from the declared credentials file or env) and call the OATDA status endpoint. Before installing, confirm you trust the oatda.com service and that ~/.oatda/credentials.json is the file you expect. Do not paste your full API key into chat; the skill already instructs not to print it. Consider using a least-privilege/rotatable API key for automation and rotate it if you suspect accidental exposure.

Like a lobster shell, security has layers — review code before you run it.

latestvk97efgbxh1wmmqd2dnphnvrdvd845d7y

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📹 Clawdis
Binscurl, jq
EnvOATDA_API_KEY
Config~/.oatda/credentials.json
Primary envOATDA_API_KEY

Comments