ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Video Generation (t2v & i2v)

v1.0.1

AI Video generation toolkit — generate videos from text prompts or input images using multiple AI models (Veo 3.1, Veo 3, Seedance 1.5 Pro, Wan 2.5, Grok Ima...

0· 254·1 current·1 all-time
by@gentleyo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (text→video, image→video) match the included Python scripts and SKILL.md. The skill depends on the external inference.sh CLI and optionally image hosting services (ImgBB/SM.MS), which is appropriate for this functionality.
Instruction Scope
Runtime instructions stay within video generation: they invoke inference.sh and (for image→video) upload images to SM.MS or ImgBB, then run the CLI and save outputs. Two minor scope notes: the scripts load .env files from the skill directory and the current working directory (which can populate environment variables), and uploaded images are transmitted to third-party hosts — both are expected for the stated features but are material to privacy.
Install Mechanism
No built-in install spec; SKILL.md instructs users to install the well-known inference.sh CLI (npm/pip) and to install Python deps via requirements.txt. No downloads from arbitrary URLs or archive extraction in the skill bundle.
Credentials
The skill does not require any platform credentials by default. It optionally uses IMGBB_API_KEY (or --api-token) to upload images to ImgBB; SM.MS can be used anonymously. The scripts read .env files (skill root and cwd) and populate environment variables, which is convenient but means local secrets in .env may be loaded into the process (the code does not exfiltrate those env vars).
Persistence & Privilege
The skill does not request persistent always-on privileges, does not modify other skills, and only writes generated video files to a local outputs directory. Autonomous invocation is allowed by default but is typical for skills and not excessive here.
Assessment
This skill appears to do what it says: it calls the inference.sh CLI to generate video and (for image→video) uploads images to ImgBB or SM.MS. Before installing, ensure you: (1) trust the inference.sh CLI you install (install from the official source), (2) avoid uploading sensitive/private images to third-party hosts (ImgBB/SM.MS will receive the image), (3) be aware the scripts load .env from the skill folder and the current working directory (so do not keep secrets you don't want the skill process to see in .env in those locations), and (4) run in an isolated environment if you have concerns about executing external binaries or network uploads.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fn8wdnzsg8a237dyzr806ex82zwtt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments