ClawHub

seaart video

v1.0.3

Use this skill to generate high-quality AI videos using the SeaArt platform (seaart.ai). Supports both Text-to-Video and Image-to-Video generation using vari...

0· 56·0 current·0 all-time
by@foxwzh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill claims to generate videos via SeaArt and only requires a SeaArt session token (T cookie) plus Python and requests; those needs match the stated purpose. Model IDs, API endpoints, and parameters in the manifest and script align with video generation.
Instruction Scope
SKILL.md confines actions to checking for SEAART_TOKEN, collecting prompt/model/aspect data, and running the included Python script which contacts only seaart.ai endpoints. It asks users to set the token via /update-config and explicitly warns not to paste the token in chat. Minor issues: SKILL.md references running the script from ~/.claude/skills/... (an assumed install path) and the top-level registry metadata shows a broken 'Required env vars: [object Object]' entry — both are minor inconsistencies but not malicious.
Install Mechanism
There is no installer that downloads arbitrary code; the skill is instruction-only with an included Python script. The script uses the requests library (pip3), which is expected for HTTP API calls. No external or unusual download URLs or extract steps are present.
Credentials
Only one credential is requested (SEAART_TOKEN) and it is the correct type for authenticating to seaart.ai. The requested binaries (python3/pip3) are reasonable. No unrelated secrets or config paths are requested.
Persistence & Privilege
The skill does not have always:true. It instructs users to persist the SEAART_TOKEN in the agent config via /update-config; storing the token locally is reasonable for convenience but means the agent (if allowed to invoke skills autonomously) could call the SeaArt API without the user re-entering the token. This is expected behavior for API-integrations but worth noting for users who want stricter control.
Assessment
This skill appears to do what it says: it uses your SeaArt 'T' cookie to call seaart.ai endpoints via an included Python script. Before installing or saving your token: 1) Only set SEAART_TOKEN if you trust this skill and the environment where the agent stores config; the token is equivalent to a session cookie. 2) Prefer using a throwaway SeaArt account or revocable token if you are cautious. 3) If you do persist the token, ensure your agent config file is accessible only to you. 4) You can avoid persistence by providing the token each session instead of running /update-config. 5) Review the included script (scripts/generate.py) yourself — it appears to call only seaart.ai endpoints and does not write files, but verifying the full file is recommended. 6) Note minor metadata inconsistencies (the registry shows 'Required env vars: [object Object]' and SKILL.md path assumptions) — these are likely authoring bugs, not indicators of malicious behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk9756nfery8rshrgm27zbn2m3x83ycy9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Env[object Object]

Comments