Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Sora Video Generation

v1.0.1

Generate videos from text prompts or reference images using OpenAI Sora.

✅ USE WHEN:
- Need AI-generated video from text description
- Want image-to-video (animate a still image)
- Creating cinematic/artistic video content
- Need motion/animation without lip-sync

❌ DON'T USE WHEN:
- Need lip-sync (person speaking) → use veed-ugc or ugc-manual
- Just need image generation → use nano-banana-pro or morpheus
- Editing existing videos → use Remotion
- Need UGC-style talking head → use veed-ugc

INPUT: Text prompt + optional reference image
OUTPUT: MP4 video (various resolutions/durations)

by Paul de Lavallaz (@pauldelavallaz)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and runtime behavior align: the script calls OpenAI's videos endpoints to create and download Sora-generated videos. However the registry metadata lists no required environment variables even though the SKILL.md and script clearly require an OpenAI API key (OPENAI_API_KEY or --api-key).
Instruction Scope
SKILL.md instructions and the script stay on-topic: they take a prompt and optional image, resize the image, call the OpenAI Videos API, poll for completion, and download the MP4. The instructions do not request unrelated files, system credentials, or unexpected external endpoints.
Install Mechanism
This is instruction-only / no install spec, so nothing is auto-downloaded by an installer. The included Python script, however, lists dependencies (openai, httpx, pillow), and the skill does not provide an installation step. The user will need to ensure those packages and Python >=3.10 are installed before running.
Credentials
The script requires an OpenAI API key (OPENAI_API_KEY or --api-key) but the skill metadata declares no required env vars or primary credential. That omission is a mismatch and could lead to confusion; otherwise the script does not request unrelated credentials or broad system secrets.
Persistence & Privilege
The skill does not request permanent/autonomous privileges (always:false) and does not modify other skills or system-wide agent configuration. It writes output files and temporary image files only as needed for its function.
What to consider before installing
This skill is functionally coherent with its description (it calls OpenAI Sora to generate videos), but take these precautions before installing or running it:
- Provide only a scoped OpenAI API key and be aware this key will be used to create video jobs and download content; verify billing and key permissions. The skill uses OPENAI_API_KEY (or --api-key) but the registry metadata omitted this — expect to supply it yourself.
- Install the required Python environment and libraries (Python >=3.10, openai, httpx, pillow) or run in a controlled environment (virtualenv/venv) to avoid affecting system packages.
- The code saves temp image files and the final MP4 to disk; ensure you run it in a directory where writing files is acceptable.
- Videos may expire on the provider side (~1 hour), so they are downloaded immediately by the script; be mindful of any sensitive content sent to the API.
- The skill source and homepage are unknown — if you need higher assurance, ask the publisher for provenance (where the package came from, signed releases, or an official repo) before trusting it with an API key.

If you want to proceed, consider creating a dedicated OpenAI API key with limited scope or billing limits to reduce risk.

Like a lobster shell, security has layers — review code before you run it.

latest vk975cczhbr46zy5vxs7q23xbbn8103xr
