Prep Video
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill’s video-prep behavior is mostly coherent, but it silently uses fixed Google Drive and Telegram credentials/targets and can run an unreviewed external pipeline script.
Review carefully before installing. This appears tailored to a specific creator’s environment rather than a general safe integration: it uses a fixed Google Drive remote, posts to a hardcoded Telegram chat, and launches another local skill’s script. Only use it if you control those credentials and destinations, understand the external aura-video script it will run, and are comfortable with project metadata being sent to Telegram.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill may send messages through someone else’s Telegram bot to a fixed chat, and the exposed bot token is also a credential leak.
The script embeds a Telegram bot token and a fixed chat ID instead of requiring the installer to configure their own notification credential and destination.
BOT_TOKEN="8501038356:AAHhhywqpA97okbyEsxXmdQYuJXi848Tm3g" CHAT_ID="1835871910"
Remove hardcoded Telegram credentials, require user-provided configuration, declare the credential in metadata, and let the user choose the notification destination.
Private project metadata and Google Drive asset paths could be sent outside the user’s environment to a fixed Telegram chat.
The notification helper sends generated status messages to Telegram, including script IDs, titles, scene summaries, and missing Google Drive paths, but SKILL.md does not disclose Telegram as a data destination.
curl -s -X POST "https://api.telegram.org/bot${BOT_TOKEN}/sendMessage" ... --data-urlencode "text=${msg}"Disclose the external messaging channel, minimize what is sent, obtain user approval before sending, and make the Telegram endpoint user-configurable.
The skill may access a local Google Drive account/profile that the user did not explicitly approve for this skill.
The script uses a named local rclone Google Drive remote, implying access to a preconfigured Google Drive credential, while the registry metadata declares no credentials or config paths.
RCLONE="/usr/local/bin/rclone" GDRIVE="manus_google_drive" BASE="$GDRIVE:Aura Creatine/Content Pipeline"
Declare the required rclone/Google Drive credential, document the expected remote and scope, and require the user to confirm which account and Drive path the skill may access.
Installing and invoking this skill can cause unreviewed code from another local skill to run automatically as part of the workflow.
When assets are present, this skill runs a script from another skill path that is not included in the reviewed file manifest.
PIPELINE_SCRIPT="$HOME/.openclaw-workspace/skills/aura-video/scripts/aura_video.sh" ... bash "$PIPELINE_SCRIPT" "$SCRIPT_ID"
Bundle or declare the dependency, include provenance and version requirements, and ask for confirmation before executing an external pipeline script.
The skill may fail or use unexpected local tooling unless the environment happens to match the author’s setup.
The script depends on local binaries with absolute paths even though the registry requirements list no required binaries.
RCLONE="/usr/local/bin/rclone" JQ="/usr/local/bin/jq"
Declare required binaries and supported paths in the metadata or make the commands configurable.