AI Video Script Generator (Yijia Test)

PassAudited by ClawScan on May 1, 2026.

Overview

This is mainly an instruction-only video script prompt generator, with optional workflow command examples that users should review before running.

Safe for normal use as a prompt/script-writing aid. Before using the optional Creator/Yijia test commands, review the referenced local scripts, replace hard-coded paths and targets with your own, and confirm any API key, quota, or account effects.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Low

#ASI05: Unexpected Code Execution

What this means

If the user manually runs these commands, they will execute local workflow scripts and may call a video-generation service.

Why it was flagged

The reference document provides shell commands that would execute local scripts outside this skill package. They are presented as a Creator test workflow, not as hidden automatic execution.

Skill content

python3 /Users/shift/.openclaw/workspace-video-creator/scripts/workflow_guard.py
python3 /Users/shift/.openclaw/workspace-video-creator/scripts/enforce_project_layout.py
bash /Users/shift/.openclaw/workspace-video-creator/scripts/yijia_generate.sh

Recommendation

Only run these commands after reviewing the local scripts, adjusting the paths and target values, and confirming the action is intended.

Low

#ASI04: Agentic Supply Chain Vulnerabilities

What this means

The package identity information is not fully consistent, so users may want to confirm they are installing the intended skill version.

Why it was flagged

The embedded metadata differs from the registry-provided slug/version for the evaluated skill, which is a provenance consistency issue even though no harmful behavior is shown.

Skill content

"slug": "ai-video-script", "version": "1.0.0"

Recommendation

Confirm the skill source/version in the registry and prefer packages whose embedded metadata matches the published listing.

Info

#ASI03: Identity and Privilege Abuse

What this means

Running the optional workflow could use the user's configured Yijia/API account and possibly consume service quota.

Why it was flagged

The optional Yijia testing workflow may rely on a local executable or API key. This is expected for a video-generation integration, and the artifacts do not show credential leakage or unrelated credential use.

Skill content

若环境未配置 Yijia 可执行文件或 API Key，测试会卡在生成阶段

Recommendation

Verify which account/API key the local workflow uses and confirm any cost, quota, or account-impact implications before running generation commands.