Anima
Warn. Audited by ClawScan on May 10, 2026.
Overview
Anima’s video-generation purpose is coherent, but its scripts use unsafe shell command construction and undeclared service credentials for Feishu/Gemini/Fish Audio workflows.
Review this skill before installing. If you use it, run in preview/sandbox first, provide only limited provider credentials in the skill-local .env, avoid private scripts or images unless you accept provider processing, and do not let untrusted text control target IDs or scripts until the shell-command handling is fixed.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted target value or unsafe agent invocation could run commands on the user’s machine under the agent’s permissions.
A CLI-supplied target value is inserted into a shell command. Shell substitutions or quoting characters in that value could execute local commands before the Feishu sender runs.
else if (args[i] === '--target') targetId = args[++i]; ... execSync(`node "${SEND_SCRIPT}" "${targetId}" "${FINAL_VIDEO}"`, { stdio: 'inherit' });
Use execFile/spawn with argument arrays instead of shell strings, validate target IDs strictly, and run only trusted inputs until this is fixed.
Installing and using delivery features requires granting the skill Feishu app authority that can post media into chats.
The sender uses Feishu app credentials to obtain a tenant access token and send media messages, while the registry metadata declares no required credentials or primary credential.
const APP_ID = process.env.FEISHU_APP_ID; const APP_SECRET = process.env.FEISHU_APP_SECRET; ... tenant_access_token/internal ... im/v1/messages?receive_id_type=chat_id
Declare the Feishu credentials and required scopes in metadata, use the least-privileged Feishu app permissions, and require an explicit user confirmation before sending.
Private character images, prompts, generated audio text, and final videos may be processed by external providers as part of normal use.
Sprite generation sends the base sprite image and prompt to Gemini. This is disclosed and purpose-aligned, but it means user-provided character imagery leaves the local machine.
const imgBase64 = imgBuffer.toString('base64'); ... inline_data: { mime_type: "image/png", data: imgBase64 } ... generativelanguage.googleapis.com
Use non-sensitive assets or review provider data policies before supplying private images, scripts, or workspace videos.
A future install could resolve different package versions than the author tested.
The skill declares runtime dependencies with caret version ranges, but no install spec is provided and no lockfile is shown. This is not malicious by itself, but it weakens reproducibility.
"dependencies": { "sharp": "^0.33.0", "dotenv": "^16.4.5" }
Add an install spec and lockfile or pin dependency versions, and document required local binaries such as ffmpeg, ffprobe, and curl.
