Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using it.
Aura Video
v1.0.0
Generate a complete Aura Creatine TikTok/Instagram video from a JSON script. Reads the script from Google Drive, generates A-roll (Kristina image-to-video vi...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw verdict: Suspicious (medium confidence)
Purpose & Capability
Name/description claim: generate videos from a Google Drive JSON script using AIML, Gemini, and Remotion — which matches the included code. However, the registry metadata claims no required env or binaries, while the SKILL.md and scripts clearly expect API keys (AIML/GEMINI), an rclone config for Google Drive, a specific ffmpeg binary, and Python scripts/venv from another skill (auraveo). These external/local paths and tools are not declared in the registry metadata, which is inconsistent with the declared scope and disproportionate to it.
Instruction Scope
Runtime scripts do more than the SKILL.md prose implies: they source $HOME/.openclaw/.env, read AIML_API_KEY and optional Telegram tokens, use rclone to copy files to/from Google Drive, call Python scripts living under $HOME/.openclaw-workspace/skills/auraveo, and call a render helper in $HOME/aura-remotion. They also optionally POST to Telegram. The instructions therefore access local dotfiles, state/log files, and external network endpoints beyond those explicitly documented; that scope creep is not declared in the registry metadata.
Install Mechanism
There is no install spec (instruction-only), which lowers supply-chain risk, but the bundle includes Node project files (package.json, package-lock) and shell scripts that expect Remotion, Node/React, ffmpeg, rclone, and a Python venv to be present. Because no install steps are provided, an operator may inadvertently run the scripts on a system that doesn't meet these hidden prerequisites or run untrusted code from the referenced paths.
Credentials
SKILL.md metadata lists GEMINI_API_KEY and AIML_API_KEY, which are reasonable for text/video-generation. However the scripts also read other secrets/config that were not declared: they source $HOME/.openclaw/.env (grep for AIML_API_KEY), look for TELEGRAM_BOT_TOKEN / TELEGRAM_CHAT_ID for notifications, and require an rclone Google Drive config at $HOME/.gdrive-rclone.ini. Those additional credentials and config accesses are not declared in the registry metadata, making the requested environment access broader than communicated.
Persistence & Privilege
always:false (good). But the included watcher writes state and log files to the user's home ($HOME/.aroll_watcher_state, $HOME/.aroll_watcher.log) and is intended to run from cron. More importantly, the main script executes Python helper scripts from another skill's venv ($HOME/.openclaw-workspace/skills/auraveo/venv) and calls other local helper scripts (e.g., render_animation.sh) using hardcoded absolute paths. That coupling means this skill can execute code outside its own directory, which elevates the impact if those external scripts are untrusted or malicious.
Scan Findings in Context
[undeclared-env-usage] unexpected: Scripts source $HOME/.openclaw/.env and reference TELEGRAM_BOT_TOKEN / TELEGRAM_CHAT_ID and rclone config, but the registry metadata declared no required env/config.
[hardcoded-system-paths] unexpected: Hardcoded references to /usr/local/bin/rclone, a Homebrew ffmpeg path, and $HOME/.openclaw-workspace/skills/auraveo/venv/python3 mean the script assumes specific local layout and will execute code outside the skill directory.
[external-cdn-url] expected: The script maps Kristina images to a files.manuscdn.com CDN URL — this is consistent with needing a publicly accessible image for the image-to-video service, but it is an external host and should be audited for appropriateness.
[network-requests-telegram] expected: The watcher uses curl to call the Telegram bot API for notifications. That is plausible for notifications but requires Telegram credentials which are not declared.
What to consider before installing
This skill appears to implement the advertised video pipeline, but it has several red flags you should address before installing or running it:
- Secrets & configs: The scripts expect AIML/GEMINI API keys (declared in SKILL.md) but also source $HOME/.openclaw/.env and look for TELEGRAM_BOT_TOKEN / TELEGRAM_CHAT_ID and a rclone Google Drive config ($HOME/.gdrive-rclone.ini). Make sure you understand where those files/keys would come from and do not place high-privilege credentials there unless you trust the code.
- Hidden dependencies & paths: The bash scripts call ffmpeg at a hardcoded Homebrew path and a Python binary inside another skill's venv ($HOME/.openclaw-workspace/skills/auraveo). Confirm those helper scripts and the venv are present and trusted; otherwise the skill may run arbitrary code outside its own directory.
- Missing declarations: The registry metadata did not list the environment variables, binaries, or config paths the scripts actually need. Treat that as a sign to audit the full repository and any external helper scripts before use.
- Run in isolation: If you want to test, run the pipeline in an isolated environment (dedicated VM or container) with minimal credentials and monitored network access. Verify the auraveo helper scripts and render helpers are exactly what you expect (or modify aura_video.sh to point to known-trusted paths).
- If you need to proceed: add explicit, minimal API keys in an isolated credential store, ensure rclone config only has the necessary Drive access, and inspect/replace any hardcoded absolute paths to point to vetted binaries inside the skill folder.
If you want, I can list the exact lines/locations in the scripts that reference the undeclared files and creds, or help craft a safer wrapper that limits which external commands/paths are used.
Runtime requirements: Clawdis
