Ai Video Gen

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill matches its AI video-generation purpose, but it uses paid third-party API keys, cloud generation services, Python dependencies, and FFmpeg file operations that users should review before use.

This skill appears suitable for its stated purpose. Before installing or running it, set up provider keys carefully, expect possible API charges, avoid sensitive content in prompts or narration unless provider policies are acceptable, install dependencies in an isolated environment, and choose output file paths that are safe to overwrite.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If you use this skill, your provider API keys may be used to generate images, videos, or speech and may incur charges.

Why it was flagged

The code reads provider API credentials from the environment/.env for paid generation services. This is expected for the stated purpose and no artifact shows hardcoded or leaked keys, but the credentials can spend money or access provider accounts.

Skill content

load_dotenv(); OPENAI_API_KEY = os.getenv('OPENAI_API_KEY'); REPLICATE_API_TOKEN = os.getenv('REPLICATE_API_TOKEN'); LUMAAI_API_KEY = os.getenv('LUMAAI_API_KEY')

Recommendation

Use dedicated provider keys with limited billing or quotas where possible, keep .env private, and monitor provider usage.

What this means

Private prompts, narration text, or project details could be processed by third-party AI services.

Why it was flagged

The script sends prompts and generation job data to external cloud providers. This is disclosed and purpose-aligned for AI video generation, but it means user-provided creative text and related job data leave the local machine.

Skill content

prompt=prompt ... "https://api.lumalabs.ai/dream-machine/v1/generations" ... json=data

Recommendation

Do not include confidential or regulated information in prompts or voiceover text unless the provider terms and retention policies are acceptable.

What this means

A chosen output file can be replaced during video assembly or voiceover addition.

Why it was flagged

The skill invokes FFmpeg on user-supplied media paths and uses -y, which can overwrite the selected output file. This is central to video editing and is not hidden, but users should choose paths deliberately.

Skill content

cmd = ['ffmpeg', '-y', '-i', video_path, '-i', audio_path, ... output_path]

Recommendation

Run the scripts in a project folder, keep backups of important media, and choose output filenames intentionally.

What this means

Future installs may pull newer dependency versions with different behavior or newly introduced vulnerabilities.

Why it was flagged

The dependency list uses broad lower-bound versions rather than pinned versions. Installing these packages is expected for the skill, but exact resolved package versions may vary over time.

Skill content

openai>=1.0.0; replicate>=0.20.0; requests>=2.31.0; pillow>=10.0.0; python-dotenv>=1.0.0

Recommendation

Install in a virtual environment, consider pinning dependency versions, and review package sources before use.