Al Video Generation
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is a coherent ShortAPI video-generation integration, but it uses a ShortAPI API key and remote model schema documents, so requests and costs should be reviewed.
Install only if you intend to use ShortAPI for video generation. Use a dedicated ShortAPI key, review any generated request before submission, and avoid sending sensitive prompts, images, or videos unless you are comfortable with ShortAPI processing them.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may be able to create ShortAPI video-generation jobs using the configured key, which could consume credits or account quota.
The skill requires a ShortAPI credential and uses it as a Bearer token to call the service. This is expected for the integration, but it gives the agent access to the user's ShortAPI account/API quota.
"requires": { "env": ["SHORTAPI_KEY"] } ... "Include the Bearer token in the `Authorization` header."Use a scoped or dedicated ShortAPI key if available, monitor usage, and rotate the key if it is exposed.
Prompts, image/video references, and other request parameters may be sent to ShortAPI, and jobs may consume paid credits.
The skill instructs the agent to perform authenticated POST requests to create video-generation jobs. This is central to the stated purpose, but it is an external action with possible cost and data-processing impact.
Make an HTTP POST request to the API Endpoint. Include the Bearer token in the `Authorization` header.
Review the selected model, payload, uploaded or referenced media, and expected cost before allowing job creation.
If a fetched model document contains incorrect or unexpected instructions, the agent could build an unintended request payload.
The skill relies on dynamically fetched Markdown documents to shape the API payload. This is purpose-aligned, but remote retrieved text can influence agent context if not treated narrowly as schema documentation.
This URL will return a Markdown (`.md`) text document containing the exact Input Parameters Schema for that specific model, alongside code examples. You must parse it to understand which arguments go into the `args` object.
Treat fetched model documents as untrusted schema/reference data, ignore unrelated instructions, and only include parameters needed for the user's requested generation.