Content Automator
PassAudited by ClawScan on May 10, 2026.
Overview
The skill appears aligned with its video-generation purpose, but it uses an ElevenLabs API key, sends generated script text to ElevenLabs, and runs local ffmpeg commands.
This skill is reasonable to use if you are comfortable with ElevenLabs receiving the generated script text and with local ffmpeg creating files in your chosen output directory. Check the available CLI commands first, and avoid feeding it private portfolio or script data unless you intend that content to be turned into audio/video through ElevenLabs.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may consume ElevenLabs quota or incur provider-side billing tied to the configured API key.
The skill requires an ElevenLabs account API key to perform text-to-speech calls. This is disclosed and purpose-aligned, but it gives the skill delegated use of that provider account.
This skill intentionally accesses: - `ELEVENLABS_API_KEY` from environment (for TTS API calls)
Use a dedicated or limited-scope ElevenLabs key where possible, monitor usage, and remove the environment variable when not needed.
Custom scripts or portfolio-derived trading details may be processed by a third-party TTS provider.
The script sends the generated script text to the ElevenLabs API. For the trading workflow, that generated text can include parsed portfolio value, positions, and P&L.
data = {
"text": text,
"model_id": "eleven_monolingual_v1",
...
response = requests.post(url, json=data, headers=headers, timeout=60)Only run the skill on text and portfolio data you are comfortable sending to ElevenLabs, and review provider privacy/retention terms.
The skill can create or overwrite video outputs in the chosen directory and depends on the local ffmpeg/ffprobe binaries behaving as expected.
The skill invokes local ffprobe/ffmpeg binaries to inspect audio and assemble videos. This is central to the stated purpose and is not hidden, but it is still local command execution.
subprocess.run(probe_cmd, capture_output=True, text=True, check=True) ... subprocess.run(ffmpeg_cmd, capture_output=True, check=True)
Use trusted ffmpeg binaries and choose an output directory where generated files and overwrites are acceptable.
Some documented commands may fail or not behave as advertised, which could waste time or create misplaced trust in the automation pipeline.
The documentation advertises a news command, while the included Python parser only defines trading, script, and templates subcommands. This appears to be an overstatement of functionality rather than malicious behavior.
# Generate news summary python3 scripts/content_automator.py news --topic "AI agents" --sources "twitter,colony" --output ~/Videos/
Verify available commands with `python3 scripts/content_automator.py --help` before relying on the documented examples.