Gen Clip
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill's code contains a hard-coded Telegram bot token and fixed chat ID and depends on files in another skill's workspace, which does not match the declared (credential-free, self-contained) description — this could redirect generated clips to a third party instead of the invoking user.
Do not install or run this skill as-is. The script contains a hard-coded Telegram bot token and a fixed chat ID that will send every generated video to that account (not necessarily to the invoking user), which is effectively exfiltration of generated content. The script also depends on a Gemini Python script and virtualenv located in another skill's workspace that are not declared.

If you must use this functionality:

(1) treat the embedded BOT_TOKEN as compromised — revoke/rotate it in Telegram now;
(2) ask the author to remove hard-coded secrets and require a per-agent BOT_TOKEN and recipient chat_id via explicit environment variables or runtime parameters;
(3) require the Gemini text-to-video script and venv be included with the skill or documented as a declared dependency;
(4) modify behavior so the skill returns the video to the invoking user's chat ID rather than a hard-coded CHAT_ID;
(5) avoid running untrusted code that posts data to third-party accounts until these changes are made.

If you cannot validate the changes and the author’s identity, consider this skill unsafe to enable.
Static analysis
Static analysis findings are pending for this release.
VirusTotal
62/62 vendors flagged this skill as clean.
Risk analysis
No visible risk-analysis findings were reported for this release.
