Veo Video Generator
PassAudited by ClawScan on May 1, 2026.
Overview
This skill does what it says: it sends a user’s video prompt to Google Veo using a declared Gemini API key and saves the generated MP4 locally.
Before installing, make sure you are comfortable with npm dependency installation and with sending your video prompts to Google using your Gemini API key. The artifacts do not show hidden file access, credential leakage, persistence, or unrelated behavior.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using this skill may consume Google/Gemini API quota or incur costs, and prompts are sent to Google for generation.
The skill uses the user-provided Gemini API key to call Google GenAI, which is necessary for the stated video-generation purpose but grants access to the user’s provider account.
const apiKey = process.env.GEMINI_API_KEY; ... const ai = new GoogleGenAI({ apiKey });Use a Gemini API key with appropriate limits and avoid putting secrets or private information in video prompts unless you are comfortable sending them to Google.
Installing the skill fetches third-party npm dependencies into the environment.
The skill depends on npm packages before use. This is expected for a Node-based Google API integration, and package-lock.json includes pinned resolved packages and integrity data, but dependency installation is still a supply-chain surface.
The agent must run `npm install` once before the first execution to fetch dependencies.
Review the package.json/package-lock.json if dependency provenance matters, and install only in an environment where npm package installation is acceptable.