wanjie-openclaw-video
Security checks across malware telemetry and agentic risk
Overview
This video-generation skill mostly matches its stated purpose, but it uses an undeclared local OpenClaw API key, starts background work, and claims scheduled monitoring without clear user controls.
Review this skill carefully before installing. Only use it if you are comfortable with it reading your OpenClaw API-key config, sending prompts and a bearer token to the Wanjie API, opening returned URLs automatically, and potentially running background monitoring. Prefer a version that explicitly asks for a Wanjie-specific key, validates result links, and provides clear controls to stop or remove any background task.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may use or disclose a provider API key the user did not intend to give to this video service, potentially causing account exposure or unexpected API charges.
The worker reads a local OpenClaw config file, selects the first provider API key rather than an explicitly scoped Wanjie key, and sends it as a bearer token to the Wanjie endpoint. This credential use is not declared in the registry metadata.
config_path = os.path.join(os.path.expanduser("~"), ".openclaw", "openclaw.json") ... key = list(cfg['models']['providers'].values())[0]['apiKey'] ... headers={"Authorization": f"Bearer {key}"Require and declare a specific Wanjie credential, select it by provider name, avoid using arbitrary first-provider keys, and document exactly what account access is needed.
A background monitor could continue running after the chat interaction, consume resources or API quota, and be hard for a user to discover or remove.
The skill claims it starts recurring background monitoring and a Windows scheduled task, but the artifacts do not show clear user opt-in, stopping conditions, disable instructions, or uninstall cleanup for that background behavior.
后台会启动定时监控(每5分钟一次)... 本插件部署了 Windows 任务计划程序 `OpenClaw_Veo_Monitor` 进行自动化监控。
Make scheduled monitoring explicitly opt-in, document exactly what is installed, provide a clear disable/uninstall command, and avoid persistent background tasks unless necessary.
If the response contains an unexpected or malicious URL, the skill could automatically open it in the user's browser.
The worker extracts the first URL from the external API/model response and opens it in the user's browser without confirmation or an allowlist of expected result domains.
match = re.search(r'(https?://\S+)', full) ... url = match.group(1) ... open_url(url)
Show the link to the user first, validate the domain against expected video-result hosts, and ask for confirmation before opening external URLs.
Video generation runs outside the main chat process, which can make failures, resource use, or cancellation less visible.
The skill runs a local Python process from the message hook. This is purpose-aligned for the included worker, but it is detached background execution.
const child = spawn('python', [scriptPath, '--prompt', prompt, '--model', 'veo3.1', '--seconds', '8'], { detached: true, stdio: 'ignore' }); child.unref();Keep the worker path fixed, show task status clearly, and provide a user-visible way to cancel or inspect background jobs.
The installed package version may vary over time and depends on the user's Python package index configuration.
The interface can install the requests package at runtime if missing. Dependency self-repair is disclosed and purpose-aligned, but the runtime install is not pinned to an exact reviewed version.
subprocess.check_call([sys.executable, "-m", "pip", "install", "requests"])
Pin dependency versions, prefer install-time dependency resolution, and document the package source.