AITuber AI Video Skill
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent AITuber API guide, but it needs your AITuber API key and can make video-generation/export requests against your account.
Install this if you want your agent to create AITuber videos through your account. Before using it, set the API key deliberately, avoid sending confidential scripts or ideas unless you are comfortable sharing them with AITuber, review actions that may consume credits, and separately verify any optional npx/MCP server installation.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or overly broad user request could cause the agent to create/export videos or download files through AITuber.
The skill gives the agent curl/WebFetch capability for API calls and Read/Write capability for local files. This fits the video API and download workflow, but users should notice that the agent can make network requests and save files when the skill is invoked.
allowed-tools: Bash(curl:*) WebFetch Read Write
Review generated video settings before creation/export, specify download locations, and avoid asking the agent to run large batches unless you intend to use credits or paid account capacity.
Anyone or any agent session with access to this environment variable may be able to use your AITuber account according to that key's permissions.
The skill requires an AITuber API key for account-backed actions such as video generation, export, listing videos, and subscription/credit checks. This is expected for the service and is disclosed.
All endpoints except `GET /voices` require a Bearer token... Store the key in the `AITUBER_API_KEY` environment variable.
Use a dedicated AITuber API key, keep it out of shared logs/files, rotate it if exposed, and confirm account-impacting actions before running them.
If you follow the optional install commands, you may run code from external package sources not included in this artifact review.
The README includes user-run commands that fetch/install external packages, including an optional MCP server. They are not hidden or automatic, but they are outside the instruction-only skill artifact.
`npx skills add aituberapp/ai-video-skill` ... `npx -y @aituber/mcp-server`
Install only from the official AITuber sources you trust, prefer pinned versions where possible, and review the MCP server separately before enabling it.