GIF
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: gif Version: 1.0.1 The skill bundle is benign. The `SKILL.md` provides instructions and command examples for creating, optimizing, and searching GIFs using standard tools like `ffmpeg`, `gifsicle`, and `curl`. The use of environment variables for API keys (`GIPHY_API_KEY`, `TENOR_API_KEY`) is a standard and appropriate practice. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the AI agent. All commands and instructions are directly aligned with the stated purpose of GIF management.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may help run local media-conversion commands that read an input video and write a GIF output.
The skill documents local command-line media conversion. This is expected for GIF creation and appears user-directed, but it is still command execution that should operate only on intended files.
ffmpeg -ss 0 -t 5 -i input.mp4 ... output.gif
Use this skill on media files you intend to process, and review generated commands before running them if paths or filenames matter.
If configured, the agent could use GIF provider API keys to make search requests to those services.
The skill mentions optional API keys for GIF search providers. These are purpose-aligned and no leakage or unrelated use is shown, but they are still credentials users should handle carefully.
GIPHY_API_KEY — for Giphy search API - `TENOR_API_KEY` — for Tenor search API
Use limited-purpose API keys where possible and avoid sharing keys in prompts, logs, or generated files.