Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
HeyGen Skills
v2.0.3
Create HeyGen avatar videos via the v3 Video Agent pipeline — handles avatar resolution, aspect ratio correction, prompt engineering, and voice selection aut...
⭐ 0 · 46 · 0 current · 0 all-time
by Eve (@eve-builds)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
The skill's name, description, and runtime instructions align with HeyGen video/avatar workflows and the single required credential (HEYGEN_API_KEY) is appropriate. However, the runtime docs instruct the agent to read `~/.heygen/config` for the API key even though the registry metadata lists no required config paths — that config path is effectively required by the SKILL.md but not declared in metadata.
Instruction Scope
SKILL.md explicitly lists the workspace files it will read/write (AVATAR-<NAME>.md, SOUL.md, IDENTITY.md, local log, /tmp uploads) and limits remote calls to api.heygen.com for asset/video operations. Still, the repo includes additional docs (eval guidance, CLAUDE.md) that reference external services (Notion tracker IDs) and an eval flow that could instruct an agent to post results externally if those documents are read/executed. The guidance to 'poll silently in a background process or subagent' is operationally sensitive because it encourages background network activity without user-facing status messages.
Install Mechanism
No install spec; instruction-only skill (lowest installation risk). There is one small shell script (scripts/update-check.sh) included and labeled opt-in/read-only; verify its contents before running, but no remote arbitrary binaries or extract/install steps are present.
Credentials
Only HEYGEN_API_KEY is required and is the declared primary credential, which is proportionate. Minor mismatch: the SKILL.md expects to load the key from `~/.heygen/config` as a fallback, but the registry metadata claims no required config paths. Also pay attention to the skill's ability to set a `callback_url` (optional) in API requests — providing external webhook URLs could send job completion data outside your environment.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It writes workspace-scoped AVATAR-<NAME>.md files and a local JSONL log, and suggests storing the API key in `~/.heygen/config` via a setup script — these are scoped to the user's environment and consistent with the skill's purpose. Nothing in the package indicates it will modify other skills or system-wide settings.
What to consider before installing
This skill appears to do what it says (HeyGen avatar + video pipeline) and only needs your HeyGen API key, but review a few things before installing:
(1) Inspect the included setup script and scripts/update-check.sh before running — they write/read `~/.heygen/config`.
(2) The skill will read/write AVATAR-<NAME>.md files in your workspace; confirm you are comfortable storing avatar metadata there.
(3) Note the skill instructs silent background polling — decide if you want that behaviour or prefer visible status updates.
(4) The docs contain optional webhook/callback guidance and hard-coded eval tracker IDs (Notion) in developer/eval docs; do not provide external callback URLs or tokens unless you trust the destination.
(5) Because the metadata omitted the `~/.heygen/config` fallback path, either set HEYGEN_API_KEY in your environment or confirm where the skill will read it.
If you want lower risk, run the skill in a controlled environment first (temporary key with limited permissions) and avoid enabling callbacks/webhooks until you've validated behavior.
Like a lobster shell, security has layers — review code before you run it.
latest · vk973t1nyx6vaqetjgy80gxvdb184te6a
Runtime requirements
Env: HEYGEN_API_KEY
Primary env: HEYGEN_API_KEY
