ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Media Gen Vision Video

v1.0.0

Generate and analyze images, and generate videos using OpenClaw's preferred Google media workflows. Use when the user asks to create, edit, inspect, compare,...

0· 102·0 current·0 all-time
by@danielwpp

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for danielwpp/media-gen-vision-video.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Media Gen Vision Video" (danielwpp/media-gen-vision-video) from ClawHub.
Skill page: https://clawhub.ai/danielwpp/media-gen-vision-video
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install media-gen-vision-video

ClawHub CLI

Package manager switcher

npx clawhub@latest install media-gen-vision-video
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md repeatedly instructs using Google-native models (Nano Banana 2 / Gemini / Veo 3.1) and 'official Gemini API workflow', but the skill declares no required environment variables, primary credential, or config paths to supply Google API credentials. If the skill truly needs direct access to Google media APIs, it should request credentials or a connector; the absence is inconsistent.
Instruction Scope
Runtime instructions require generating, saving, and delivering binary media files (images/videos) and say to 'save the final file with a stable filename' and 'send the generated asset directly into the conversation.' Those are reasonable for the stated purpose but imply file system and attachment APIs. The skill does not specify where to store files, how to obtain user-supplied reference images, or what channels are used to deliver assets — this ambiguity could lead to broader access than expected.
Install Mechanism
Instruction-only skill with no install spec or remote downloads. This is low-risk from an installation perspective because no new code is written to disk by an installer.
!
Credentials
No env vars or credentials are declared, yet the workflow clearly needs access to Google APIs (which normally require API keys or OAuth tokens). This omission is disproportionate: either the platform must supply a connector implicitly (which should be documented) or the skill is failing to declare needed secrets.
Persistence & Privilege
always is false and there are no install hooks or requests to modify other skills or global settings. The skill does request the ability to save and send files, which is normal for media workflows and does not itself indicate elevated persistent privilege.
What to consider before installing
This skill's instructions clearly expect access to Google media models and to save/send media files, but it doesn't declare any credentials or config paths. Before installing, ask the publisher or platform: (1) How are Google/Gemini/Veo credentials supplied (API key, OAuth connector, or built-in platform integration)? (2) Where will generated files be stored and who can access them? (3) Will the skill run autonomously and could it upload user images to external services? If the platform supplies a documented, least-privilege Google connector (or the skill explicitly lists required env vars like GOOGLE_API_KEY/GEMINI_TOKEN and explains storage locations), the mismatch is resolved and the skill is more acceptable. Without that information, treat the skill as suspicious because it asks the agent to do things that normally require credentials and file access but does not declare them. Provide these answers or update the skill metadata (required env vars/config paths) before enabling it in sensitive environments.

Like a lobster shell, security has layers — review code before you run it.

latestvk974sq882dtb51fpvbyvm9k6qn83rcwa
102downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@danielwpp
latest
Download

Media Generation, Vision, and Video

Choose the right path

  • Image generation or editing: use the preferred Nano Banana 2 / Gemini image workflow.
  • Image understanding / screenshot analysis: use Gemini multimodal image understanding.
  • Video generation: use Google Veo 3.1.

Non-negotiables

  • Prefer Google-native media models and official flows first.
  • Preserve aspect ratio, resolution, style, and reference-image constraints.
  • Do not guess image contents when a multimodal path is available.
  • Do not claim video generation succeeded unless a real video file was produced.
  • When delivering files, send the generated asset directly into the conversation when supported.
  • For successful image or video generation, always deliver the actual media asset to the chat; do not stop at a summary or path when direct sending is available.

Image generation and editing

  • Use the preferred image tool path first.
  • For edits, keep the user’s reference image identity intact unless explicitly asked to change it.
  • If the user specifies size or ratio, honor it exactly when possible.
  • If the task asks for multiple variants, generate a small set rather than one-by-one loops.

Image understanding

  • Use multimodal analysis for screenshots, photos, and UI inspection.
  • Report only what is visible or strongly supported.
  • Separate confirmed observations from inference.
  • If the image is unreadable or only partially visible, say so plainly.

Video generation

  • Default to Veo 3.1.
  • Prefer the official Gemini API workflow when possible.
  • Save the final file with a stable filename before sharing it.
  • If video output is not available in the current environment, say that clearly and identify the blocker.
  • Do not substitute a still image or text summary for an actual video file unless the user accepts that fallback.

Delivery and reporting

  • Return the generated asset when available.
  • If the user asks for a file, do not bury it in prose—attach or send it directly.
  • Keep the response short: result, file/path if any, and blockers if any.

Comments

Loading comments...