Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
LrshuAI Image To Video
v1.0.2
Reference-to-video skill. Invoke this skill when you need to provide an image and a text description to generate a video.
by @lrshu
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The skill's name/description, required binary (python), and the script's behavior (upload image/video + prompt to an AI model endpoint) are consistent with an image-to-video generator. However the script defaults to an external domain (https://dlazy.com/api/ai/tool) as the backend and the skill has no homepage or provenance information; that default endpoint is not documented in the metadata and may be surprising to users.
Instruction Scope
SKILL.md contains a strong, explicit instruction that the agent must run `python script/invoke_model.py` directly and must not use `openclaw run`. That directive looks intended to bypass platform tooling/wrappers (telemetry, sandboxing, or VM-level controls). The script itself reads local image/video files (base64-encodes them) and will transmit them to the remote API — expected for this purpose but potentially sensitive. The SKILL.md / systemPrompt enforces runtime behavior that reduces oversight, which is a red flag.
Install Mechanism
No install spec is present (instruction-only plus a bundled script). Nothing is downloaded or written at install time by the registry metadata. The only runtime requirement is python. This is low install mechanism risk.
Credentials
The declared required env var is TEAM_API_KEY (primary credential), which is reasonable for an external model API. However the script also reads TEAM_BASE_URL (defaulting to https://dlazy.com/api/ai/tool) while TEAM_BASE_URL is not declared in requires.env or metadata. The script will send the provided TEAM_API_KEY and any base64-encoded local files to that endpoint by default. Requiring a single API key is proportional, but the undeclared base URL and enforced direct execution (bypassing platform wrappers) increase the risk of credential/data exfiltration.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system configs. It does, however, instruct direct system execution rather than using the platform runner — a behavioral instruction (already noted) but not a persistence/privilege escalation by itself.
What to consider before installing
This skill appears to implement an image→video call to a remote model API, but there are two things you should verify before installing or supplying credentials:
1) The SKILL.md forces the agent to run the bundled script via the system python and explicitly tells it not to use the platform runner; that can bypass platform monitoring or safety controls.
2) The script will send your TEAM_API_KEY and any provided local images/videos (base64-encoded) to a default endpoint (https://dlazy.com/api/ai/tool) unless you override TEAM_BASE_URL. TEAM_BASE_URL is not declared in the skill metadata.
Actionable suggestions: do not provide a real TEAM_API_KEY unless you trust the endpoint; ask the publisher for provenance/homepage and to declare TEAM_BASE_URL in metadata; request the SKILL.md be changed to allow using the platform runner (or explain why it must be bypassed); inspect network activity in an isolated environment if you test it; avoid sending sensitive images to unknown third parties. If you cannot verify the endpoint or the publisher, mark this skill untrusted.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🎬 Clawdis
Bins: python
Env: TEAM_API_KEY
Primary env: TEAM_API_KEY
