Jiuma AI Video Generation (Free)
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a normal Jiuma video-generation integration, but it stores a Jiuma login token and can upload user-selected local files to Jiuma.
Install only if you trust the Jiuma service and this package owner. Use your own authorization flow, confirm any local file path before uploading, and remove the saved keyring token when you no longer want the skill to access your Jiuma account.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Generation, upload, and status-check calls will run under the authorized Jiuma account until the token expires or is removed.
The skill saves a Jiuma authorization token locally for later authenticated API use. This is purpose-aligned, but it is still account authority that persists beyond a single command.
keyring.set_password("jiuma_ai", "authorized_token", token)Authorize only the intended account, do not reuse sample identification codes, and delete the `jiuma_ai` / `authorized_token` keyring entry if you stop using the skill.
If the wrong path is supplied, a private local file could be uploaded to the Jiuma service.
The upload helper can read any path supplied to `--file_path` and send that file to Jiuma. This is expected for media generation, but it depends on the user/agent selecting the right file.
with open(os.path.expanduser(file_path), 'rb') as f: ... requests.post(url, files=files, headers=headers, timeout=60)
Use this upload command only for files you intentionally want to share with Jiuma, and verify the path before running it.
The exact dependency versions installed may vary by environment.
The skill documents manual package installation without version pins or an install spec. This is not suspicious by itself, but it is a provenance/reproducibility consideration.
pip install keyring pip install keyrings.alt
Install dependencies from trusted package sources, and prefer pinned versions or a declared install spec if you need reproducible setup.