Dream Talking Image
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: dream-talking-image Version: 1.0.1 The skill bundle provides documentation and integration instructions for the Dream Talking Image API (api.newportai.com). It outlines standard API usage for generating videos from images and audio, requires a user-provided API key, and contains no executable code, obfuscation, or malicious instructions.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can make authorized API requests using the configured key, which may consume account quota or access paid provider functionality.
The skill requires a provider API key and uses it as a bearer token for the Talking Image API. This is expected for the stated purpose, but it is still account-level authority.
requires: {"env": ["DREAMTALKINGIMAGE_API_KEY"]} ... Authorization: Bearer {DREAMTALKINGIMAGE_API_KEY}Use a service-specific API key with appropriate limits, monitor usage, and rotate the key if it is exposed.
Photos, audio, and generated-video inputs may be processed by a third-party service, which could matter for private or sensitive media.
The documented workflow sends image and audio locations, and possibly uploaded local files, to an external API provider for processing.
Upload your local files to OSS first ... POST https://api.newportai.com/api/async/talking_image ... "photoUrl" ... "audioUrl"
Avoid using sensitive personal media unless you trust the provider's privacy and retention practices; prefer expiring or access-controlled URLs where possible.
Users have less registry-level context for verifying who published the skill or whether the linked API documentation is the intended provider.
The artifact has limited provenance metadata, although it is instruction-only and contains no install script or executable code.
Source: unknown Homepage: none
Verify the API documentation and provider identity before configuring an API key.