LTX-2.3 Video API
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only video API helper appears purpose-aligned, but users should notice it relies on an LTX API key and may upload media to external services.
This appears safe to install as an instruction-only helper, but verify the API service, protect your LTX API key, and avoid uploading sensitive personal media to public or unfamiliar file-hosting services.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users have less context for verifying that the instructions and API endpoint are official or maintained.
The skill has limited provenance information, although it is instruction-only and has no executable install step or bundled code.
Source: unknown; Homepage: none
Verify the LTX API endpoint and documentation before using the skill with real credentials or private media.
If the API key is exposed in logs, prompts, shell history, or shared files, someone else could use the user's LTX account or quota.
The skill requires a bearer API key for the LTX service; this is expected for the stated API integration, but it is sensitive credential material.
**Auth:** `Authorization: Bearer <API_KEY>`
Store the API key securely, avoid pasting it into shared conversations or files, and prefer environment variables or a secrets manager.
Personal images, voice recordings, or video inputs may leave the local environment and become accessible to external services.
The instructions explicitly suggest uploading audio and images to a third-party file host so the LTX API can access them by URL.
**uguu.se** works: upload with `curl -F "files[]=@file.mp3" https://uguu.se/upload`
Only upload media you are comfortable sharing with the external host and LTX API; use a trusted private hosting option when handling sensitive recordings or portraits.