Skill v2.23.0
ClawScan security
Create Video · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 13, 2026, 6:12 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requests and instructions are coherent with its stated purpose (creating HeyGen videos): it only asks for a HeyGen API key and provides prompt, asset-upload, and polling guidance. Be aware of a few privacy and operational implications around uploads, webhooks, and the research guidance.
- Guidance: This skill appears to do what it says: generate HeyGen videos using your HEYGEN_API_KEY. Things to consider before installing or using it:
  - HEYGEN_API_KEY = account access and billing. Treat it like a secret; only provide a key scoped to what you need and rotate it if possible. API calls consume credits according to your HeyGen plan.
  - Uploading assets (images/audio/video) transmits those files to HeyGen, and the upload response can include accessible URLs. Do not upload sensitive or private files unless you accept that they will be stored and processed by HeyGen and may become reachable via those URLs.
  - Webhooks / callback_url: the Video Agent supports callback_url. If you provide a webhook URL, the service will POST completion data there, which can leak metadata or asset URLs to whatever endpoint you configure. Only use trusted endpoints.
  - The prompt optimizer recommends 'pull data' from web searches and internal docs. That guidance can lead the agent to fetch external or internal documents if tools are available; avoid instructing the agent to access private systems or files you do not want transmitted.
  - The examples read local files (fs.readFileSync) to upload assets. Ensure the agent/process is only given access to the intended files, and avoid granting it broad local filesystem permissions.
  - Best practices: use a least-privilege API key, test in HeyGen test mode if available, monitor quota/credits, avoid uploading PII or proprietary content, and do not set callback_url to untrusted endpoints. If you need the agent to work with internal docs, explicitly review and sanitize that content first.
Review Dimensions
- Purpose & Capability (ok): The skill is explicitly a HeyGen Video Agent helper and only requires HEYGEN_API_KEY. All required fields, endpoints, and examples target HeyGen APIs (video-agents, videos, upload.heygen.com), and the declared primary credential matches the described purpose.
- Instruction Scope (note): Most instructions stay within the video-generation domain (prompt writing, uploads, polling). Two areas to be cautious about: (1) prompt-optimizer.md's 'Pull data — Research the topic: web search, APIs, internal docs' could encourage the agent to fetch external or internal documents beyond the user's explicit prompt, and (2) many examples show reading local files (fs.readFileSync, streams) and uploading them, which is legitimate for assets but means the agent may be instructed to access local files. The skill does not itself require unrelated env vars or config paths.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files: minimal disk footprint and no downloads. This is the lowest-risk install posture.
- Credentials (ok): Only HEYGEN_API_KEY is required, and it is used throughout the examples and endpoint calls. The credential is proportional to the stated function (calling HeyGen APIs). No unrelated secrets are requested.
- Persistence & Privilege (ok): The skill does not request always:true, does not modify other skills, and has no install-time privileges. It relies on runtime API calls and optional MCP tools. Autonomous invocation is allowed (the default) but is not combined with other elevated privileges.
