Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Omnicast

v1.0.14

A local multi-modal podcast pipeline. Ingests media, drafts scripts, synthesizes audio, renders cover art, and uploads to YouTube.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code implements a local multi-modal podcast pipeline (ingest, draft, TTS, image render, YouTube upload), which is coherent with the skill description. However, registry metadata claims no required env vars while the SKILL.md and package.json explicitly require GEMINI_API_KEY and OPENAI_API_KEY. Additionally, config/secrets.js references ELEVENLABS_API_KEY and the package.json includes googleapis — implying Google OAuth / YouTube credentials — but these are not documented in SKILL.md or registry metadata. These omissions are inconsistent and require clarification.
Instruction Scope
SKILL.md instructs the user to run a local Node app, set GEMINI_API_KEY/OPENAI_API_KEY, and install FFmpeg; the code binds to 127.0.0.1 and exposes local endpoints as described. Most runtime instructions and endpoints in the code stay within the stated purpose. Caveats: SKILL.md (and the code) use explicit system-style prompts when calling the Gemini/OpenAI SDKs (a pattern flagged by the prompt-injection scanner), and some environment variables (ElevenLabs, likely Google OAuth/credentials) are referenced in code but not in the human-facing setup doc. Also, verify routes not shown (youtube/linkedin and other omitted files) for any unexpected external data sinks or credential handling.
Install Mechanism
There is no special installer; this is an instruction/code bundle intended to be run with npm install/node. The repository uses common npm packages from the registry (googleapis, openai, axios, ffmpeg wrapper, etc.). No downloads from ad-hoc URLs or archive extraction steps are present in the manifest. Installing dependencies via npm is the expected approach for this type of project.
Credentials
SKILL.md and package.json declare GEMINI_API_KEY and OPENAI_API_KEY which are appropriate for text generation and transcription/synthesis. However: config/secrets.js references ELEVENLABS_API_KEY (not listed in SKILL.md), and googleapis in dependencies plus client-side Google Sign-In imply Google/YouTube credentials are needed but are not documented. The mismatch between declared/required env vars in metadata vs. code is disproportionate and should be resolved before use.
Persistence & Privilege
The skill does not request always:true and does not modify other skills' configs. The server binds to localhost only (index.js explicitly listens on 127.0.0.1), which reduces remote exposure. Autonomous invocation by the agent is enabled by default (disable-model-invocation=false), but that is normal for the platform and is not by itself a reason to distrust the skill.
Scan Findings in Context
[system-prompt-override] expected: The code explicitly constructs and sends systemInstruction/systemPrompt content to the AI SDK (e.g., routes/draft.js). Prompt-style instructions are normal for an LLM-driven script-drafting app. The scanner flagged this because prompt override patterns are sensitive; review the exact prompts to ensure they do not embed unsafe instructions or attempt to override the agent's environment beyond the task.
What to consider before installing
What to check before running/installing:
1) Missing/undocumented credentials: SKILL.md and package.json mention GEMINI_API_KEY and OPENAI_API_KEY, but config/secrets.js references ELEVENLABS_API_KEY and the app includes googleapis and a Google Sign-In client — which strongly suggests you also need Google OAuth (client ID/secret or OAuth tokens) and possibly ElevenLabs keys. Confirm exactly which environment variables (and how credentials/tokens are stored) before supplying secrets.
2) Inspect omitted files: The evaluation truncated several files (youtube.js, linkedin.js, utils/geminiClient.js, and others). Open those files and verify how tokens/refresh tokens are handled, whether credentials are sent to third-party endpoints, and whether any credentials are persisted to disk or uploaded externally.
3) Prompt usage: The app sends explicit system-style prompts to AI SDKs. This is expected for composing/formatting outputs, but review those prompt strings for any unwanted data leakage instructions or hidden directives.
4) Network & SSRF protections: The ingest route includes DNS-based SSRF protection that blocks many private ranges, which is good, but DNS checks and regex-based private IP detection can be incomplete. If you plan to ingest untrusted URLs, consider running the service in a restricted network environment or sandbox.
5) Run in isolation first: Because the code will download external media (YouTube, arbitrary HTTP URLs) and call cloud LLM/TTS APIs, run it locally in an isolated machine or container until you confirm behavior. Ensure FFmpeg is installed independently and verify file write locations (the downloads folder is created under the project directory).
6) Least privilege for credentials: Create service-specific API keys and limit their scope where possible (e.g., dedicated Google OAuth client with limited scopes, ephemeral tokens if feasible). Never paste high-privilege keys into apps until you understand how they are used and stored.
7) If you need higher confidence: Provide the full content of the omitted files (routes/youtube.js, routes/linkedin.js, utils/geminiClient.js, and any remaining truncated files) so they can be audited for unexpected network calls, credential exfiltration, or writes to unexpected paths. Until then, treat undocumented env vars and the prompt-injection flag as red flags.

Like a lobster shell, security has layers — review code before you run it.
