ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

LrshuAI Text To Video

v1.0.0

文生视频技能。当你需要仅提供一段文本描述来生成视频时调用此技能。

0· 28·0 current·0 all-time
by@lrshu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description match the included code: a Python script that sends prompts (and optional media) to a remote model API. Requiring python and a TEAM_API_KEY is plausible. However the script defaults to using https://dlazy.com/api/ai/tool as the base URL (not mentioned in the description) which is an external host not justified in the SKILL.md.
!
Instruction Scope
SKILL.md contains a CRITICAL instruction forcing the agent to run `python script/invoke_model.py` directly and forbids using `openclaw run`. That appears designed to bypass the platform's normal execution/wrapping and is a significant deviation from expected runtime behavior. The script will also read local files if passed via args and makes arbitrary network requests to the base URL, which increases the attack surface when executed outside the platform's supervision.
Install Mechanism
This is an instruction-only skill with a bundled Python script (no install spec). The script uses the third-party Python 'requests' package but the skill does not declare or install dependencies, which may cause runtime errors; the lack of an install step is low risk by itself but means the script will run as-is in the agent environment.
!
Credentials
The declared required env var TEAM_API_KEY is reasonable for calling an external API. But the script also reads TEAM_BASE_URL (to select the endpoint) which is not declared in requires.env or documented in SKILL.md metadata. The default endpoint (dlazy.com) is a third-party domain. Requiring an API key without documenting the target service and permitting an undeclared base URL is disproportionate and may allow credential use with an unexpected remote host.
!
Persistence & Privilege
The skill does not request 'always: true' and uses normal autonomous invocation, which is expected. However the explicit instruction to avoid the platform-run wrapper combined with autonomous invocation increases the blast radius: the agent could invoke the script without platform-level monitoring and cause network/exfiltration activity. This combination raises concern.
What to consider before installing
This skill contains a Python script that sends prompts and optional local files to a remote API using TEAM_API_KEY. Key concerns: (1) SKILL.md explicitly forbids running under the platform runner and forces direct execution of the script — ask why and prefer a version that uses the platform's normal run path so execution and network calls are observable; (2) the script defaults to an external endpoint (https://dlazy.com/api/ai/tool) and also reads TEAM_BASE_URL (an undeclared env var) — confirm the destination domain and whether your TEAM_API_KEY is intended for that service; (3) it will read local image/video files if given and base64-encode them to send — avoid passing sensitive files; (4) missing declared dependency on 'requests' could cause unexpected behavior. Before installing: verify the publisher identity and endpoint, require the skill to declare TEAM_BASE_URL (or harden it to an approved domain), insist on using the platform-run wrapper, test in a restricted sandbox with a scoped API key you can rotate, and consider denying autonomous invocation until you confirm behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk972w9rg0x9nk0vzs00752s505844zye

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎬 Clawdis
Binspython
EnvTEAM_API_KEY
Primary envTEAM_API_KEY

Comments