Evolink Video — AI Video Generation (Sora, Kling, Veo 3, Seedance)

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Creating or retrying videos may consume EvoLink credits.

Why it was flagged

The generation tool can create paid account activity by reserving or charging credits. This is central to the skill's purpose, but users should notice that generation is account-impacting.

Skill content

`generate_video` ... `POST /v1/videos/generations` ... `usage.credits_reserved` | Credits charged for this task

Recommendation

Keep video generation user-directed, and use cost estimation or explicit confirmation before expensive models, high quality settings, or repeated retries.

What this means

Anyone or any connected tool using the key can act against the EvoLink account within that key's permissions, including generation and file-management actions.

Why it was flagged

The skill requires an EvoLink API key and makes it available for service calls. This is expected for the integration, but it is still a sensitive account credential.

Skill content

`EVOLINK_API_KEY` authenticates all requests. Injected by OpenClaw automatically. Treat as confidential.

Recommendation

Use a dedicated EvoLink API key if possible, rotate it if exposed, and monitor account usage or billing.

What this means

Running the setup may execute updated external MCP code that was not part of this instruction-only artifact set.

Why it was flagged

The recommended MCP setup downloads and runs the latest npm package rather than a pinned version. This is disclosed and purpose-aligned, but future package changes would affect what code handles the API key and requests.

Skill content

`npx -y @evolinkai/evolink-media@latest`

Recommendation

Review the referenced npm/GitHub package, prefer pinning a known version, and only run the MCP server from a trusted environment.

What this means

Sensitive prompts, reference images, or generated video URLs may be processed or accessible through EvoLink during the documented retention windows.

Why it was flagged

The skill clearly discloses that user prompts and media leave the local environment and are retained remotely for limited periods. This is necessary for the service, but it is a privacy boundary.

Skill content

Prompts and images are sent to `api.evolink.ai`. Uploaded files expire in **72h**, result URLs in **24h**.

Recommendation

Avoid uploading confidential, personal, or regulated media unless you are comfortable with EvoLink processing it; delete hosted files when no longer needed.