aigc-director

Warn

Audited by ClawScan on May 10, 2026.

Overview

The skill matches its AI-video purpose, but it asks the agent to read API keys and runs a broadly reachable local web/API service that may expose generated and session data.

Install only if you are comfortable running a local web app and connecting it to paid AI-provider accounts. Before use, remove or rotate any hardcoded keys, do not let the agent print your .env secrets, bind the backend to localhost unless LAN access is truly needed, restrict CORS/authenticate the API, and periodically clean the stored session and generated-media files.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

OpenAI, Gemini, DashScope, Volc/Kling, or other provider keys could be exposed in chat logs, agent context, or debugging output.

Why it was flagged

The required pre-flight check would print API-key lines from the user's .env file into the agent/session context instead of only checking whether keys are configured; registry metadata also declares no required env vars or primary credential.

Skill content

cat aigc-claw/backend/.env | grep -E "API_KEY|KEY"

Recommendation

Replace this with a redacted presence check, declare the expected credentials, and never display full secret values to the agent or user.

What this means

If real provider keys are embedded in the package, they could grant unintended account access or incur usage costs for whoever owns those keys.

Why it was flagged

The static scan reports possible hardcoded API secret literals here and in multiple other provider clients; the snippets are redacted, so the exact value should be manually verified.

Skill content

self._official_client = OpenAI(api_key=[REDACTED], **kwargs)

Recommendation

Inspect all redacted secret findings, remove any literal credentials from source, rotate exposed keys, and load credentials only from user-controlled environment variables or secret storage.

What this means

Other devices or web pages on the same network could potentially call workflow APIs, consume model credits, alter sessions, or fetch generated files if the service is reachable.

Why it was flagged

The backend enables broad cross-origin access and statically serves the whole CODE_DIR; combined with the skill's instruction to share a local IPv4 URL, the local tool may be reachable beyond the user's own browser.

Skill content

allow_origins=["*"],
allow_credentials=True,
allow_methods=["*"],
allow_headers=["*"],
...
app.mount("/code", StaticFiles(directory=settings.CODE_DIR), name="code")

Recommendation

Bind to 127.0.0.1 by default, add authentication for workflow APIs, restrict CORS to the frontend origin, and statically serve only the specific generated-media directory needed by the UI.

What this means

Private ideas, prompts, generated media metadata, and workflow state may remain on disk and could be exposed through the local web service if access is not restricted.

Why it was flagged

Session state and artifact metadata are persisted under backend/code; api_server.py mounts settings.CODE_DIR at /code, so persisted session data may sit inside a statically served tree.

Skill content

Session state and artifact metadata are stored under the `aigc-claw/backend/code/data/sessions/` directory

Recommendation

Store session state outside the static web root, document retention and cleanup, and require authentication before serving session metadata or generated private assets.

What this means

A network attacker could tamper with downloaded media or responses used in the video workflow.

Why it was flagged

The static scan shows HTTPS certificate verification disabled during image processing or download, which is not required by the stated purpose.

Skill content

verify=False,

Recommendation

Remove verify=False, validate certificates by default, and only allow an explicit documented override for controlled troubleshooting.

What this means

Dependency installation can run third-party code on the user's machine if the manifests or packages are compromised.

Why it was flagged

The local app requires user-directed Python and npm dependency installation; this is normal for the project, but the registry lists the source as unknown and there is no install spec.

Skill content

pip install -r requirements.txt
...
npm install

Recommendation

Install in an isolated virtual environment, review dependency manifests and lockfiles, and prefer a known source/provenance before running the services.