Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

jiege-openclaw-video

v1.2.2

Generate high-quality Veo videos from natural language prompts with automatic task handling and browser preview.


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for liangshenghzj888-stack/jiege-openclaw-video-v1-2-2.

Install the skill "jiege-openclaw-video" (liangshenghzj888-stack/jiege-openclaw-video-v1-2-2) from ClawHub.
Skill page: https://clawhub.ai/liangshenghzj888-stack/jiege-openclaw-video-v1-2-2
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install jiege-openclaw-video-v1-2-2

ClawHub CLI


npx clawhub@latest install jiege-openclaw-video-v1-2-2
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
high confidence
Purpose & Capability
The stated purpose (generate Veo videos from natural language) lines up with code that sends prompts to a model endpoint and opens a returned URL. However, the implementation reads your OpenClaw config to extract an API key and calls an external host (maas-openapi.wanjiedata.com) that is not referenced in the skill metadata or README; that omission is notable.
! Instruction Scope
SKILL.md asks you to ensure ~/.openclaw/openclaw.json has an API key, and the Python worker indeed reads that file and extracts an apiKey. The README/SKILL.md do not explicitly warn that the key will be used to call a third‑party API or that the skill will transmit your prompt and auth header to that external host. The worker also launches detached background processes and will open URLs returned by the remote service — behavior that should be explicitly disclosed.
Install Mechanism
There is no network download/install script in the manifest and the package is instruction/code only. A requirements.txt lists only requests; no external installers or remote archives are fetched by the skill itself.
! Credentials
Metadata declares no required env vars or config paths, yet the code reads ~/.openclaw/openclaw.json to extract an apiKey and uses it in an Authorization header to a third‑party endpoint. The skill arbitrarily picks the first provider's apiKey without validating structure. Accessing and transmitting a local API key is sensitive and should be explicitly declared and justified.
Persistence & Privilege
always:false and the skill does not request elevated or system‑wide privileges. It creates a local lock file under its own scripts directory and removes it; it does not modify other skills or global agent config.
What to consider before installing
This skill will (a) read your OpenClaw configuration file (~/.openclaw/openclaw.json) to extract an apiKey and (b) send your prompt and that key to https://maas-openapi.wanjiedata.com, then open any returned URL in your browser. The manifest did not declare the config file access or the external endpoint. Before installing: review and confirm you trust maas-openapi.wanjiedata.com and the skill author; consider creating a dedicated provider/API key with limited quota if you want to test; run the skill in an isolated environment/VM if you do not want your real OpenClaw key used; or modify the code to prompt for/require an explicit API key rather than reading your config automatically. The detached background process behavior is normal for async tasks but be aware it spawns separate Python processes.
hooks.js:11
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latest vk977a2njmrv9tpv84h9rxqdv8s84hm1z
73 downloads
0 stars
1 version
Updated 2w ago
v1.2.2
MIT-0

Skill: jiege-video-skill

Author: 何振杰

Description

A high-performance Veo video generation skill that supports one-step generation from natural language.

Use cases

  • Automated video creation.
  • Generating videos through natural-language conversation, with no command-line arguments needed.

Installation

  1. Install with openclaw install jiege-video-skill.
  2. Make sure a valid API Key is configured in ~/.openclaw/openclaw.json.

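Usage

After installation, type the following directly into the chat window:

生成视频:[your prompt]

For example:

生成视频:一只在雨中奔跑的黑豹,电影质感 ("Generate video: a black panther running in the rain, cinematic look")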

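How it works

  • After intercepting the command, it automatically calls a background process to generate the video.
  • When the task completes, the result page automatically opens in the browser.
  • A built-in lock mechanism prevents duplicate concurrent tasks.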

Notes

  • Make sure Python is installed in the system environment.
  • If you are told the task is blocked, confirm that no leftover .lock file remains.
