ClawHub

TikTok Video Maker

v1.0.3

Generate TikTok-style talking videos from a script and image using the LovelyBots API. Queue a video, poll for completion, and retrieve a download URL — all...

1· 109·0 current·0 all-time
byGeorge Gally@georgegally
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (generate TikTok-style talking videos via LovelyBots) align with requested resources: curl and python3 for HTTP and polling, and a single LOVELYBOTS_API_KEY for API authentication. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md contains concrete API calls (POST /api/create, GET /api/videos/:id), polling guidance, and examples that use only the declared env var and standard tools. It does not instruct reading unrelated system files, harvesting other credentials, or calling unknown external endpoints; all calls point to lovelybots.com/api or lovelybots.com.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest-risk footprint. Nothing is downloaded or written to disk by an installer step.
Credentials
Only LOVELYBOTS_API_KEY is required and it's declared as the primary credential. This is proportional to the described API usage. No other secret-like env vars or config paths are requested.
Persistence & Privilege
always is false and the skill has no install hooks or instructions to modify other skills or system-wide configuration. Normal autonomous invocation is allowed (disable-model-invocation false) which is the platform default.
Assessment
This skill is internally consistent and appears to do what it says — call LovelyBots' API to queue and poll video renders. Before installing, consider: (1) Source verification: the package's Source is listed as "unknown" — confirm the publisher/URL (https://lovelybots.com/openclaw) is legitimate and trustworthy. (2) Secrets & cost: the LOVELYBOTS_API_KEY grants the skill the ability to make API calls that may consume paid credits — treat it as a secret, do not share it, and be prepared to rotate/revoke if needed. (3) Privacy: images and scripts you send will be uploaded to LovelyBots; do not send sensitive or private images unless you accept that. (4) Confirm endpoints: the docs reference https://api.lovelybots.com/api; verify that matches official LovelyBots docs to avoid typosquatting. (5) Autonomy: the skill can be invoked by the agent (normal default). If you do not want an agent to call external services automatically, disable model invocation or restrict use. If you need greater assurance, ask the publisher for a verified source (GitHub repo or signed publisher identity) and review LovelyBots' privacy/terms and billing behavior before enabling.

Like a lobster shell, security has layers — review code before you run it.

latestvk97450gktc8hmtfy4hhamrr0fs83xgw4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎬 Clawdis
Binscurl, python3
EnvLOVELYBOTS_API_KEY
Primary envLOVELYBOTS_API_KEY

Comments