Heavy Metal Testing Video
v1.0.0AI video creation for heavy metal testings, wealth management practices, independent financial planners, and registered investment advisors — generate retire...
⭐ 0· 0·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
medium confidencePurpose & Capability
The skill's name and long marketing-oriented description align with an AI-driven video/content creation purpose. It declares no binaries, env vars, or installs, which is proportionate for a content-generation helper (no obvious need for cloud credentials or system-level access).
Instruction Scope
The provided SKILL.md excerpt is largely descriptive and use-case oriented rather than procedural. Because the full SKILL.md (17KB) was truncated in the review prompt, I cannot confirm whether runtime instructions ask the agent to collect client PII, read local files, or upload videos to external accounts. If the runtime instructions ask for sensitive client information, posting to user social accounts, or to transmit files to third-party endpoints, that would be scope creep and a privacy/regulatory concern.
Install Mechanism
No install spec and no code files present. This is the lowest-risk install posture: nothing is written to disk and nothing is automatically fetched or executed.
Credentials
The skill declares no required environment variables, primary credential, or config paths. That is proportionate for a marketing/video content generation role. Any later request for credentials (social media API keys, cloud storage keys, etc.) would be unexpected and should be treated as suspicious.
Persistence & Privilege
always is false and the skill is user-invocable; autonomous invocation is allowed by default but is not combined with any elevated privileges or declared persistent hooks. No evidence the skill attempts to modify other skills or system config.
Assessment
This skill appears internally consistent for generating marketing and explainer videos and doesn't request credentials or installs. Before installing or using it: (1) review the full SKILL.md to ensure it doesn't ask you to upload client PII, read local files, or call unexpected external endpoints; (2) never paste or upload real client personal or financial data unless you have explicit consent and a secure, audited channel; (3) if the skill later asks for social-media or cloud API keys, treat that as unexpected — provide only least-privilege tokens and prefer revocable test accounts; (4) verify outputs for regulatory compliance (advertising, fiduciary/disclosure language) before publishing; and (5) consider running the skill in a sandboxed environment first. If you see any instructions to collect broad system data, credentials, or to post content to arbitrary URLs, do not proceed and seek clarification.Like a lobster shell, security has layers — review code before you run it.
latestvk97abnvvfz38vfmtj678x21x6984eh0w
License
MIT-0
Free to use, modify, and redistribute. No attribution required.