ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Hedra

v1.0.1

Generate images, videos, and lip-synced talking avatar videos from text prompts using Hedra AI models via the OpenClaw plugin.

0· 82·0 current·0 all-time
byMatt Stvartak@mattstvartak

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for mattstvartak/openclaw-hedra.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Hedra" (mattstvartak/openclaw-hedra) from ClawHub.
Skill page: https://clawhub.ai/mattstvartak/openclaw-hedra
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install openclaw-hedra

ClawHub CLI

Package manager switcher

npx clawhub@latest install openclaw-hedra
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The plugin implements Hedra image/video/avatar generation and only requires a Hedra API key and optional default model IDs — this is coherent with the stated purpose. However, the registry metadata at the top of the submission incorrectly lists no required environment variables/credentials while the package and SKILL.md explicitly require HEDRA_API_KEY (and openclaw.plugin.json documents it). The capability itself is appropriate for the name/description, but the metadata mismatch is suspicious.
Instruction Scope
SKILL.md and the plugin code restrict actions to Hedra API calls (base URL https://api.hedra.com/web-app/public). Runtime instructions focus on generating assets, listing models/voices, polling generation status, and configuring the Hedra API key. The instructions do not ask to read unrelated system files or exfiltrate data to other endpoints.
Install Mechanism
This is an instruction-only/packaged plugin with source files included; there is no download-from-arbitrary-URL install step. package.json lists only a small dependency (@sinclair/typebox) and normal dev deps. No high-risk install operations (remote archives, unknown hosts) are present.
!
Credentials
The plugin legitimately requires a single service credential (HEDRA_API_KEY) which is proportionate to its functionality. The concern is that the registry summary incorrectly states 'Required env vars: none' and 'Primary credential: none' while both SKILL.md and openclaw.plugin.json expect HEDRA_API_KEY — this inconsistency could lead to misconfiguration or surprise when the plugin fails at runtime or when users inadvertently expose keys. No other unrelated secrets or system paths are requested.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and only uses its own plugin config / environment variable. It registers tools for on-demand use and does not demand persistent elevated privileges.
What to consider before installing
This plugin's code and docs show it only talks to Hedra (https://api.hedra.com) and needs a Hedra API key (HEDRA_API_KEY or plugin config). However, the registry metadata omitted that credential — treat that as a packaging/metadata red flag. Before installing: 1) Verify the plugin origin (README references a GitHub repo; confirm the publisher and repository contents match the packaged files). 2) Only provide a Hedra API key scoped/minimal for the required operations and avoid placing it in global/shared env vars if possible. 3) Inspect the included source (dist/src) or compare with upstream repo to ensure no hidden callbacks or alternate endpoints have been added. 4) If you rely on this in a sensitive environment, consider running it in an isolated environment or network with egress limited to Hedra domains. If the publisher cannot explain the metadata mismatch and origin, consider this suspicious and avoid installing until clarified.

Like a lobster shell, security has layers — review code before you run it.

latestvk972xf1j5wdhhpm0npa968w42n847rrw
82downloads
0stars
1versions
Updated 3w ago
v1.0.1
MIT-0
Matt Stvartak@mattstvartak
latest
Download

Hedra Plugin for OpenClaw

AI video and image generation plugin for OpenClaw powered by Hedra. Generate talking avatars, videos from text prompts, and images — all from your agent.

Features

  • Image generation — create images from text prompts with configurable aspect ratios and resolutions
  • Video generation — text-to-video and image-to-video with optional start/end keyframes
  • Talking avatars — lip-synced avatar videos from a portrait image + audio or text-to-speech
  • Voice listing — browse available TTS voices for avatar generation
  • Model listing — discover available Hedra models and their capabilities
  • Credit tracking — check your Hedra credit balance

Requirements

Configuration

Set your API key in openclaw.json:

{
  "plugins": {
    "entries": {
      "hedra": {
        "enabled": true,
        "config": {
          "apiKey": "sk_h_your-key-here"
        }
      }
    }
  }
}

Or use the HEDRA_API_KEY environment variable.

SettingDefaultDescription
apiKeyHedra API key (falls back to HEDRA_API_KEY env var)
defaultVideoModelDefault model for video generation
defaultImageModelDefault model for image generation

Registered Tools

ToolDescription
hedra_generate_imageGenerate images from text prompts
hedra_generate_videoGenerate videos from text prompts, optionally with a start image
hedra_generate_avatarGenerate talking avatar videos from a portrait + audio/TTS
hedra_generation_statusCheck generation status and get result URLs
hedra_list_modelsList available Hedra AI models
hedra_list_voicesList available TTS voices for avatars
hedra_creditsCheck credit balance

Usage Examples

Generate an image

"Generate a photo-realistic image of a mountain lake at sunset"

The agent calls hedra_list_models to choose the best image model, then hedra_generate_image with the prompt and returns the result URL.

Generate a video

"Create a 5 second video of ocean waves crashing on a beach"

The agent calls hedra_list_models to choose the best video model, then hedra_generate_video with the prompt and duration.

Create a talking avatar

"Make this portrait say 'Hello, welcome to our product demo'"

The agent calls hedra_list_voices to pick a voice, then hedra_generate_avatar with the portrait asset ID, TTS text, and voice ID.

Comments

Loading comments...