ClawHub

Kling

v1.0.0

Generate 5-second AI videos in 16:9 ratio using Kling 2.6 for fitness promos, UGC marketing, testimonials, and product demos.

4· 1.7k·10 current·10 all-time
by@alti-systems
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The JS code and SKILL.md consistently implement a text-to-video client for Kie.ai (endpoints: /jobs/createTask, /jobs/recordInfo, /user/credits). Requiring a KIE_API_KEY is coherent with that purpose. However, the registry metadata lists no required environment variables or primary credential, which is inconsistent with the code and SKILL.md.
Instruction Scope
Runtime instructions are narrowly scoped to generating videos, checking status, and checking credits. They reference running the included CLI and storing an API key in a .env file, but do not instruct reading unrelated system files or exfiltrating data to unexpected endpoints. All network calls go to api.kie.ai.
Install Mechanism
This is an instruction-only skill with no install spec. The package files include a simple dependency (axios). There is no downloadable installer or external URL; no archive extraction or unusual install behavior is present.
!
Credentials
The code requires KIE_API_KEY (process.env.KIE_API_KEY) and SKILL.md explicitly mentions storing the API key in .env, but the registry metadata declares no required env vars or primary credential. The skill does not include dotenv or logic to auto-load a .env file, which is a documentation/runtime mismatch. Requiring a single API key for the remote video service is proportionate, but the missing declaration is a notable inconsistency.
Persistence & Privilege
The skill does not request permanent/all-agent presence (always: false) and does not modify other skills or system configs. It has normal, limited privileges.
What to consider before installing
This skill appears to do what it claims (a Kie.ai text-to-video client). Before installing: 1) Be aware the code requires an API key named KIE_API_KEY — the registry metadata omitted this, so you must supply it to use the skill. 2) Prefer storing the key in a secure agent secret store rather than a plaintext .env file; the package does not include dotenv so the .env mention is only instructional. 3) Verify you trust the Kie.ai endpoint and the skill owner before providing credentials. 4) Review the code if you need guarantees (it only calls api.kie.ai endpoints). 5) If you deploy this in a multi-tenant environment, restrict the API key's permissions and monitor usage. If you need the metadata corrected (so the platform can surface required credentials), ask the publisher to declare KIE_API_KEY as the primary credential.

Like a lobster shell, security has layers — review code before you run it.

latestvk977az6emvjnnd787cjyqhd5qs80vy63

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments