Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
wanjie-openclaw-video
v1.0.0
Generate videos via natural language with automatic task monitoring, dependency management, timeout cleanup, and background processing for high-performance V...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's stated purpose (call a Veo model to generate video) matches the code that calls an external Veo API. However, instead of requiring the specific service key, the worker reads ~/.openclaw/openclaw.json and picks the first provider's apiKey (cfg['models']['providers'].values()[0]['apiKey']). That can cause the skill to reuse or leak an unrelated provider key (e.g., an OpenAI key) to a third-party endpoint — this access is not scoped or declared in the manifest/SKILL.md and is disproportionate to the narrowly stated purpose.
Instruction Scope
Runtime instructions and code run detached background processes (hooks.js spawns a detached python process; veo_worker.py and video_interface.py both launch subprocesses). The worker reads a user config file (~/.openclaw/openclaw.json), writes logs/results into the skill directory, streams data from a third-party API, extracts the first URL from the streamed content and opens it in the user's browser. It also claims to deploy a Windows scheduled task in SKILL.md though no code creates such a task. Reading arbitrary config and auto-opening URLs are beyond a minimal 'generate video' scope and raise safety concerns.
Install Mechanism
The skill has no formal install spec, but the Python helpers will auto-install the requests package at runtime (video_interface.ensure_dependencies uses pip). Runtime pip installs are moderately risky (network download, executed by the user's Python). requirements.txt lists requests, consistent with behavior.
Credentials
The manifest declares no required env vars or config paths, yet the code reads ~/.openclaw/openclaw.json to extract an apiKey. That key is not explicitly requested/declared and may be unrelated to the Veo service. The skill therefore has access to potentially sensitive credentials (any provider apiKey stored in that file) without declaring or limiting which key it uses.
Persistence & Privilege
The skill does not set always:true and does not modify other skills or global agent config. However, it intentionally launches detached background worker processes and creates lock/log/result files in its model/scripts directory; those processes can persist outside the immediate chat response lifetime. This persistent behavior is expected for a background worker but increases blast radius if the code mishandles credentials or opens URLs.
What to consider before installing
This skill will run a detached Python worker, auto-install the requests package if missing, read your ~/.openclaw/openclaw.json and send whatever apiKey it finds to a third-party API (https://maas-openapi.wanjiedata.com). Before installing: (1) don't use your primary provider keys — create and place a dedicated API key for this Veo service in a separate config or modify the code to read an explicit env var; (2) inspect or run the code offline to verify it uses the intended key; (3) be cautious because the worker will auto-open the first URL returned by the service in your browser; and (4) if you need stricter control, ask the author to change the code to accept a declared environment variable (e.g., WANJIE_API_KEY) instead of reading ~/.openclaw/openclaw.json and to avoid auto-opening URLs or running pip installs automatically.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
hooks.js:11
Shell command execution detected (child_process).
