An OpenClaw skill for AI-powered multimedia generation (image, video, audio, 3D) via 170+ RunningHub API endpoints — zero dependencies, pure Python.
v1.0.1Generate images, videos, audio, and 3D models via RunningHub API (170+ endpoints) and run any RunningHub AI Application (custom ComfyUI workflow) by webappId...
⭐ 0· 150·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match assets and behavior: the package contains Python scripts that call RunningHub endpoints, a large capabilities.json catalog, and SKILL.md describing image/video/audio/3D and AI-app flows. Required binaries (python3, curl) and the primary credential (RUNNINGHUB_API_KEY) are appropriate for a client that shells out to curl and calls RunningHub APIs.
Instruction Scope
SKILL.md tightly scopes runtime actions to using the included scripts (never curl directly) and to interacting with RunningHub endpoints. Scripts do read ~/.openclaw/openclaw.json as a fallback for the API key and the docs instruct users how to save the key there. This is coherent with the skill’s behavior but worth noting: the skill encourages users to provide their API key (including showing a snippet that saves it into ~/.openclaw/openclaw.json) and the scripts may send the key in query/form parameters to runninghub.cn endpoints.
Install Mechanism
No install spec; instruction-only with included scripts (no external downloads or package installs). Risk is limited to running the provided Python scripts and curl commands — nothing is fetched from third-party URLs at install time.
Credentials
Only the RunningHub API key is required (primaryEnv RUNNINGHUB_API_KEY), which is proportionate. The scripts also attempt to read the agent config at ~/.openclaw/openclaw.json to find a saved key — this access is limited to the skill's own config area but implies the skill can read/write that file if the user follows the provided save-key snippet. The skill's instructions also prompt users to paste keys into chat as a verification option; that is functional but increases risk of accidental exposure if users paste secrets in messages.
Persistence & Privilege
always:false and no special platform-wide privileges. The only persistence behavior documented is an optional user-driven save of the API key to ~/.openclaw/openclaw.json (a per-user config file). The skill does not modify other skills or require always-on presence.
Assessment
This skill appears to do what it claims: it runs local Python scripts that call RunningHub (runninghub.cn) APIs and requires your RunningHub API key. Before installing or using it, consider: 1) Only provide an API key you trust the RunningHub service with; avoid pasting the key in a public chat — prefer saving it to ~/.openclaw/openclaw.json if you accept that file storage. 2) The scripts will make network calls only to runninghub.cn; verify you trust that domain and understand any billing/cost implications. 3) The skill enforces hiding raw endpoint URLs/IDs from users and automates file delivery via a platform message tool — review whether that delivery flow fits your privacy requirements. 4) Be mindful of features like voice cloning, realistic-person video, or uploading images of people: those carry legal/ethical considerations. If you want additional assurance, review the three Python scripts and data/capabilities.json yourself and test with a low-permission test key or a small-budget account first.Like a lobster shell, security has layers — review code before you run it.
latestvk974rbeh0eve6k430yajvqf0n982wjyc
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🎬 Clawdis
Binspython3, curl
Primary envRUNNINGHUB_API_KEY