ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Memelord

AI-powered meme generation, meme editing, meme video generation for your projects, powered by memelord.com's trending memetic data

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 10 · 0 current installs · 0 all-time installs
byJason Levin@iamjasonlevin
MIT-0
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description, declared binaries (node, curl, realpath), and required env (MEMELORD_API_KEY) line up with the included scripts, which make HTTP requests to https://www.memelord.com API endpoints and download media. The requested capabilities are proportional to meme/image/video generation.
Instruction Scope
SKILL.md and the scripts stick to generating, editing, polling, downloading, and verifying webhook payloads for memelord.com. They do source a local .env file and write files into outputs/; the README suggests a /root path in an example (odd in multi-user environments) but this is just an example. The scripts accept webhook URL/secret parameters; using webhooks means you will expose an external callback surface if you supply a public webhook URL.
Install Mechanism
No install spec — the skill is delivered as runnable shell/node scripts and assumes node/curl/realpath are present. Nothing is downloaded from arbitrary URLs during install; files are plain-text and readable.
Credentials
The skill declares a single required secret (MEMELORD_API_KEY), which is appropriate. However _env.sh auto-sources and export-s everything from a local .env file: that means if you put additional unrelated secrets in .env they will be exported into the skill's process environment and any child processes. Also several scripts accept webhook secrets as CLI args — be careful not to expose secrets in logs or shared command histories.
Persistence & Privilege
always is false and the skill does not request any elevated or persistent platform privileges. It does not modify other skills or system config. Runtime behavior is limited to making HTTP requests and writing to the local workspace.
Assessment
This skill appears to do what it says: call memelord.com APIs to create/edit memes and download results. If you install it, only provide the MEMELORD_API_KEY it requests and avoid putting other unrelated secrets into the same .env file because _env.sh exports everything it finds. When using webhooks, prefer ephemeral or dedicated webhook endpoints and avoid passing secrets on shared command lines or logs. If you need higher assurance, inspect the scripts yourself and run them in a restricted workspace/container before giving them network access to your main environment.
!
scripts/ai-meme-edit.sh:94
File read combined with network send (possible exfiltration).
!
scripts/ai-meme.sh:89
File read combined with network send (possible exfiltration).
!
scripts/render.sh:77
File read combined with network send (possible exfiltration).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.2
Download zip
contentvk97990erwv8g5jvj4fennrydph8302fflatestvk97875y6fgaky96jty7x0v8sw9831b12marketingvk97990erwv8g5jvj4fennrydph8302ffmemesvk97990erwv8g5jvj4fennrydph8302ff

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

😂 Clawdis
Binsnode, curl, realpath
EnvMEMELORD_API_KEY
Primary envMEMELORD_API_KEY

SKILL.md

Memelord Skill

Generate image and video memes on demand through the Memelord API with a set of ready-to-run helper scripts.

Setup

  1. API key – export it once per shell (or drop it into .env). 
    export MEMELORD_API_KEY="YOUR_KEY"
  2. Executable scripts – the repo ships with chmod +x already applied. If you clone from somewhere that strips modes, just run: 
    chmod +x scripts/*.sh
  3. (Optional) create an outputs/ folder to keep downloaded memes tidy: 
    mkdir -p /root/.openclaw/workspace/outputs

CLI Overview

ScriptEndpointPurpose
scripts/ai-meme.shPOST /api/v1/ai-memeGenerate fresh image memes
scripts/ai-meme-edit.shPOST /api/v1/ai-meme/editEdit an existing image meme
scripts/ai-video-meme.shPOST /api/v1/ai-video-memeKick off async video meme renders
scripts/ai-video-meme-edit.shPOST /api/v1/ai-video-meme/editRe-caption an existing video meme
scripts/video-render-remote.shGET /api/video/render/remotePoll render job status / URLs
scripts/verify-webhook.shhelperValidate webhook signatures

All scripts accept --out <path> so you can control where JSON responses land.

1. Generate image memes (1 credit)

./scripts/ai-meme.sh "developer fixing bugs at 3am" --png ./outputs/meme.png
./scripts/ai-meme.sh "when the code works on the first try" --count 3 --png ./outputs/meme_%d.png

2. Edit an image meme (1 credit)

./scripts/ai-meme-edit.sh --from ./memelord_ai_meme.json \
  --instruction "make it about javascript instead" --png ./outputs/edited.png

# or supply template metadata manually
./scripts/ai-meme-edit.sh --template-id abc-123 --template-data-file ./template_data.json \
  --instruction "change the top text" --out ./outputs/edit.json

3. Generate video memes (5 credits, async)

./scripts/ai-video-meme.sh "when the code works on the first try" --count 2 --out ./outputs/jobs.json

# with webhook callbacks
./scripts/ai-video-meme.sh "ship it" \
  --webhook-url https://example.com/webhook \
  --webhook-secret supersecret

4. Edit a video meme caption (5 credits, async)

./scripts/ai-video-meme-edit.sh --template-id abc-123 \
  --caption "When the code works on the first try" \
  --instruction "make it about not knowing why it works" \
  --out ./outputs/video_edit_job.json

5. Poll video render status

./scripts/video-render-remote.sh --job-id render-1740524400000-abc12 --out ./outputs/status.json

6. Verify webhook signatures

./scripts/verify-webhook.sh --secret "$WEBHOOK_SECRET" --body-file ./payload.json --signature "<hex>"

Sharing memes in chat surfaces (no links, just media)

When you want Telegram/Signal/WhatsApp/etc. to show only the meme (no caption/link blob), follow this pattern:

  1. Generate or edit the meme as usual (ai-video-meme.sh, ai-meme.sh, etc.).
  2. Poll the job if it’s a video (video-render-remote.sh) until you see mp4Url (or url for images) in the JSON.
  3. Download the asset into your workspace. Example for a video: 
    curl -sSL "<mp4Url-from-status>" -o ./outputs/hiring_engineers.mp4
    For images, the --png flag already writes the file; otherwise curl the url the same way.
  4. Send the file itself back to the chat using the OpenClaw media syntax so only the video/image appears: 
    MEDIA:./outputs/hiring_engineers.mp4
    (Swap the extension for .png/.webp for still memes.)

Because the attachment is the only thing in the reply, Telegram renders it inline without any auto-generated “description + link” chatter.

Credits: Memelord gives you 50 video/image credits per month on the base subscription. Top up or read more at https://www.memelord.com/docs.

Files

11 total
Select a file
Select a file to preview.

Comments

Loading comments…