ClawHub

gemini video analyze

v1.0.0

Send a public video URL directly to a Google Gemini model for analysis. Use when Codex must summarize a video, answer questions about video content, or extra...

0· 503·2 current·2 all-time
byStojoc Vladimir@tokyo-s
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill claims to analyze public video URLs with Google Gemini and the included script implements exactly that. However, the registry metadata declares no required environment variables or primary credential, while the SKILL.md and script require a GEMINI_API_KEY/GOOGLE_API_KEY — a clear mismatch between declared requirements and actual runtime needs.
Instruction Scope
SKILL.md and the script limit actions to sending the provided public video URL and a prompt to Gemini and printing the text result. The instructions do request an API key and a publicly accessible URL only. There are no instructions to read unrelated files or exfiltrate data to endpoints other than Gemini. Minor oddity: SKILL.md references 'Codex' in the description, which is unrelated to the Gemini integration but likely harmless.
Install Mechanism
There is no install spec (instruction-only plus a script). The script requires the third-party package 'google-genai' and advises 'pip install google-genai' when missing. This is expected for a Gemini integration but the registry should declare this dependency; no explicit package download from untrusted URLs is present.
!
Credentials
At runtime the tool requires a single API key (GEMINI_API_KEY or GOOGLE_API_KEY), which is proportionate for calling Gemini. However, the registry metadata failing to declare this credential is a problem. Also note: GOOGLE_API_KEY can sometimes be a broadly scoped key — users should prefer a minimal-scope Gemini API key if available.
Persistence & Privilege
The skill does not request persistent/always-on presence, does not modify other skills or system-wide settings, and does not request elevated privileges. Autonomous invocation remains enabled by default (normal for skills) but is not combined with broad/hidden credential requests here.
What to consider before installing
This skill appears to do what it says (send a public video URL to Google Gemini and print the text result), but the package metadata omitted important runtime requirements. Before installing or running it: (1) be aware the script will send the video URL and your prompt to Google — do not use it with private/personal videos or sensitive content; (2) supply a GEMINI_API_KEY (or GOOGLE_API_KEY) and prefer a minimally scoped Gemini key rather than a broad GOOGLE_API_KEY; (3) you'll need the 'google-genai' Python package (pip install google-genai); (4) the registry should have declared the required env var and dependency — treat the omission as a sign of sloppy packaging and prefer to inspect or pin the dependency before use. If you need higher assurance, ask the maintainer to update metadata to list required env vars and dependencies and to provide a pinned install spec.

Like a lobster shell, security has layers — review code before you run it.

latestvk974qz7fy1m1f82gx6k5bgagbd81jdj4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments