superouter-video-gen
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill’s video-generation workflow is coherent, but it sends the API key and uploaded media to the service over unencrypted HTTP.
Review this skill before installing. Its workflow is aligned with video generation, but the documented service URLs are HTTP rather than HTTPS while carrying your SUPER_KEY and uploaded media. Use only non-sensitive assets, verify whether secure HTTPS endpoints exist, and prefer a limited or disposable API key.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your API key, prompts, and uploaded reference media could be exposed or modified in transit if the connection is intercepted.
The skill instructs use of an unencrypted HTTP provider endpoint while sending the bearer API key.
curl "http://superouter.nesports.top/me/balance" \
-H "Authorization: Bearer ${SUPER_KEY}"Do not use this with sensitive media or a valuable API key unless the provider supports HTTPS endpoints; verify the domain and consider rotating the key if it has already been used over HTTP.
The agent can use the configured provider account to upload assets and submit tasks that may consume credits.
The skill requires a provider API key that can access account functions such as balance checks, uploads, and task submission.
SUPER_KEY must be a **superouter client API key**
Use a least-privilege or disposable key if available, monitor credit usage, and revoke the key if unexpected tasks appear.
Stored file IDs may continue to reference previously uploaded user media and could be reused in later tasks.
The skill suggests retaining provider file identifiers for reuse, but does not specify storage location, retention, or cleanup.
always save the returned `fileId` ... you can save `fileId` for next submit if file is same.
Ask where file IDs are stored, clear them when no longer needed, and avoid reusing them for private assets unless intentional.