Varg Ai

This skill appears to be what it claims: a varg.ai gateway client for creating media that expects a VARG_API_KEY and optionally bun/ffmpeg for local rendering. Before you install/use it: - Do NOT paste secrets into chat. The skill will ask for your email and a 6-digit OTP during Option B (normal OTP sign-in), and it explicitly says not to ask users for raw API keys — follow that. If you already have a VARG_API_KEY, the skill asks you to export it in your shell (export VARG_API_KEY=...). - The skill will save credentials to ~/.varg/credentials and append VARG_API_KEY to .env by default. If you prefer not to persist your key on disk, skip those steps or inspect the created files. Verify the contents of ~/.varg/credentials after setup (the SKILL.md save snippet uses a literal USER_EMAIL placeholder in one place — check that it stores your real email). - The skill recommends running bundled scripts (scripts/setup.ts/sh) and using network operations (curl to GitHub and npx -y skills update). Treat those as operations that will execute code or install packages locally — inspect the scripts and consider running them manually in a controlled environment before allowing automated execution. - Optional BYOK provider keys (Fal, ElevenLabs, Replicate, etc.) are documented and optional; only provide them if you understand billing implications (BYOK may avoid varg credits but charges the provider directly). If you want extra assurance, open and review the setup scripts (scripts/setup.sh and scripts/setup.ts) before running them and confirm the version check/update commands point to trusted repositories. If anything in the scripts looks unexpected, do not run them.