Sora Video Generation
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: sora Version: 1.0.1 The skill bundle is suspicious due to critical vulnerabilities in `scripts/generate_video.py`. The script allows arbitrary file write via the `--filename` argument and arbitrary file read via the `--input-image` argument, as it directly uses user-provided paths without sufficient sanitization or restriction. These flaws could be exploited by a malicious user interacting with the OpenClaw agent to overwrite or read sensitive files on the system where the agent is running. There is no evidence of intentional malicious behavior such as data exfiltration to unauthorized third parties or backdoor installation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using this skill can consume OpenAI account quota or incur charges under the supplied API key.
The skill uses the user's OpenAI credential to create and download videos. This is purpose-aligned, but it grants account/billing authority and is not reflected in the registry credential declarations.
Set `OPENAI_API_KEY` environment variable or pass `--api-key`.
Use a dedicated or scoped OpenAI API key where possible, prefer the environment variable over passing the key on the command line, and monitor usage.
Private prompts or reference images may leave the local environment and be processed by OpenAI.
The script sends the user prompt and, when provided, a reference image file to OpenAI's video API. This is the expected data flow for the stated function, but users should treat prompts and images as shared with the provider.
video = client.videos.create(prompt=args.prompt, model=args.model, seconds=args.seconds, size=args.size, input_reference=image_file)
Avoid submitting confidential or sensitive images/prompts unless your OpenAI account and data-handling policy allow it.
The packages installed or used by uv may change over time, which can affect reproducibility and dependency risk.
The helper script declares runtime dependencies with lower-bound version ranges rather than exact pins or a lockfile. This is not suspicious by itself, but it means future dependency resolution may vary.
# dependencies = [ # "openai>=1.0.0", # "httpx>=0.25.0", # "pillow>=10.0.0", # ]
For controlled environments, pin or lock dependency versions and install packages from trusted sources.