Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Short Video Script Creator

v1.0.1

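Core short-video script creation: dedicated parameters clearly separate product information, tone benchmark, content benchmark, and historical copy; batch-generates high-quality scripts, with native PDF/Word support.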

by @ahsbnb

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ahsbnb/short-video-script-creator.

Install the skill "Short Video Script Creator" (ahsbnb/short-video-script-creator) from ClawHub.
Skill page: https://clawhub.ai/ahsbnb/short-video-script-creator
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install short-video-script-creator

ClawHub CLI


npx clawhub@latest install short-video-script-creator

Security Scan

VirusTotal: Pending
OpenClaw: Suspicious (high confidence)

! Purpose & Capability
The skill's stated purpose is generating short-video scripts from local files. However, instead of asking the user to supply a model/API credential, the code contains a hard-coded API_URL and API_KEY and will send prompt/file contents to that external endpoint. The embedded network call and credential are not declared in the skill metadata or SKILL.md and are not necessary to describe the skill's purpose (the tool could have required the user to provide credentials or documented the remote service).
! Instruction Scope
SKILL.md instructs the user to run scripts/main.py and to provide local files. The runtime code reads arbitrary files provided on the command line (pdf/docx/txt/md) and embeds their contents into the generated prompt, then optionally sends that prompt (and therefore file contents) to an external model endpoint. The SKILL.md does not disclose that data will be transmitted off-host to a third-party API nor that an embedded API key is used. The code also prints the prompt replacements (print(replacements)), exposing file contents to stdout logs.
Install Mechanism
There is no install spec (instruction-only + Python script). Dependencies (docx, PyPDF2, aiohttp) are plausible for the declared functionality. No remote downloads or extract/install steps were found.
! Credentials
The skill requests no environment variables in metadata but contains a hard-coded secret API_KEY in scripts/main.py and a hard-coded API_URL. This is disproportionate: a networked model call should be either clearly documented with a required credential or implemented to use a user-supplied env var rather than embedding a secret. The default output directory is hard-coded to a Windows user path (C:\Users\EDY\...), which is odd and suggests leftover developer-specific configuration.
Persistence & Privilege
The skill is not always: true and is user-invocable only. It writes files under a DEFAULT_OUTPUT_DIR (hard-coded path into a .openclaw skills subdirectory) — it does not request system-wide privileges or modify other skills. Hard-coded user-specific output path is unusual but not a high privilege escalation by itself.
Scan Findings in Context
[hardcoded-credential-in-source] unexpected: scripts/main.py defines API_KEY = "sk-..." inline. A script that calls a remote model should not embed a private key; it should require the user to supply credentials or document the service. This is not expected for a straightforward script-generation skill.
[unspecified-external-endpoint] unexpected: The model API endpoint API_URL = "https://api2.aigcbest.top/v1/chat/completions" is a third-party domain not disclosed in SKILL.md. SKILL.md does not warn that user data/files will be transmitted to this endpoint.
[hardcoded-output-path] unexpected: DEFAULT_OUTPUT_DIR is hard-coded to a Windows path with a specific username (C:\Users\EDY\...), which is unusual and may cause unexpected writes or reveal developer-specific configuration.
What to consider before installing
Do not run this skill until you are comfortable with where your inputs will be sent. Specific recommendations:

- Inspect or remove the hard-coded API key and API URL in scripts/main.py. Treat the embedded key as compromised.
- Prefer that the skill require the user to provide an API key via an environment variable (e.g., OPENCLAW_MODEL_API_KEY) rather than embedding one.
- Verify the external service (api2.aigcbest.top): check its owner, privacy policy, and whether you trust it to receive any file contents you pass to the tool.
- If you must test, run the script in an isolated environment (air-gapped VM) and avoid passing sensitive files; or modify the code to disable network calls (e.g., remove/guard the model_gpt call) so generation happens locally or with your trusted provider.
- Ask the skill author to: (1) remove embedded secrets, (2) document the external endpoint in SKILL.md, and (3) use a configurable env var for API credentials and a sensible, non-user-specific output path.

If the author cannot or will not do this, consider the skill unsafe for use with confidential data.
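
One way to implement the env-var and network-guard recommendations above, as an added example (not code from the skill or from ClawHub). OPENCLAW_MODEL_API_KEY is the name the report suggests; OPENCLAW_MODEL_API_URL, OPENCLAW_MODEL_ALLOWED_HOSTS, the Bearer header and all function names are assumptions made for illustration.

```python
import os
from urllib.parse import urlparse


class ModelConfigError(RuntimeError):
    """Raised when a model call is requested but not safely configured."""


def load_model_config(env=os.environ):
    """Take endpoint and key from the environment; nothing is embedded in source."""
    key = env.get("OPENCLAW_MODEL_API_KEY", "").strip()
    url = env.get("OPENCLAW_MODEL_API_URL", "").strip()  # hypothetical name
    hosts = env.get("OPENCLAW_MODEL_ALLOWED_HOSTS", "")  # hypothetical name
    allowed = {h.strip().lower() for h in hosts.split(",") if h.strip()}
    if not key or not url:
        raise ModelConfigError("set OPENCLAW_MODEL_API_KEY and OPENCLAW_MODEL_API_URL")
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if parsed.scheme != "https" or not host:
        raise ModelConfigError("model endpoint must be an https URL")
    if host not in allowed:
        raise ModelConfigError(f"{host} is not in OPENCLAW_MODEL_ALLOWED_HOSTS")
    return {"url": url, "key": key, "host": host}


def summarize_replacements(replacements):
    """Log-safe stand-in for print(replacements): field names and sizes only."""
    return {name: f"<{len(str(value))} chars>" for name, value in replacements.items()}


def plan_model_call(prompt, call_model, confirmed, env=os.environ):
    """Return None for local-only runs; otherwise the destination and auth header.

    The caller hands the result to its own HTTP client, so no prompt leaves
    the host unless --call-model was given AND the user confirmed the host.
    """
    if not call_model:
        return None
    cfg = load_model_config(env)
    if not confirmed:
        raise ModelConfigError(
            f"confirm sending {len(prompt)} chars of prompt/file content to {cfg['host']}")
    # Bearer auth is an assumption about whichever provider the user selects.
    return {"url": cfg["url"], "host": cfg["host"],
            "headers": {"Authorization": f"Bearer {cfg['key']}"},
            "prompt": prompt}
```

With this shape the key never appears in the repository, and the destination host is shown to the user before any file content is transmitted.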

Like a lobster shell, security has layers — review code before you run it.

latest vk977md51az7zzbqjq453pb2f9h83jjh3
111 downloads
0 stars
2 versions
Updated 1mo ago
v1.0.1
MIT-0

short-video-script-creator

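Features

This skill uses highly structured parameters to clearly separate tone benchmark, content benchmark, and historical style reference, enabling precise, multi-dimensional short-video script creation.

  • Creation mode: free creation when no benchmark or reference is provided.
  • Tone benchmark mode: strictly imitates the speaking style of the person in --benchmark-script-file.
  • Content benchmark mode: strictly imitates the content structure, themes, and pacing in --competitor-script-file.
  • Hybrid benchmark mode: imitates A's tone to rewrite B's content.

All input files natively support the .pdf, .docx, .md, and .txt formats.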

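Standard Operating Procedure (SOP)

  1. Build parameters: after receiving a generation request, I first parse your requirements and map all files and requirements onto the parameter list below.
  2. Submit for review: before performing any operation, I send you the assembled parameter list for review.
  3. Wait for confirmation: I pause execution until I receive your explicit "OK" or "continue".
  4. Run generation: only after receiving your confirmation do I start the script.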

Usage

# Prerequisite: make sure the python command is available in the system environment (added to PATH)
python scripts/main.py `
    --count 3 `
    --min-words 400 `
    --max-words 500 `
    --name "品牌IP名称" `
    --customer-background "出镜人:[专家姓名],[所属领域]专家..." `
    --product-info "[产品名称],一款帮助用户[实现价值]的[产品类别]..." `
    --battle-map-file "path/to/your/battle_map.pdf" `
    --product-info-file "path/to/your/product_details.docx" `
    --call-model

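Parameters

| Parameter | Required | Description |
|---|---|---|
| --count | | Number of scripts to generate |
| --min-words, --max-words | | Word-count range |
| --name | | Name of the on-camera person |
| --customer-background | | Description of the customer's background |
| --product-info | | One-sentence summary of the core product |
| --extra-requirements | | Additional, one-off copy requirements |
| --battle-map-file | | Path to the battle-map file |
| --product-info-file | | Path to the detailed product-introduction file |
| --benchmark-script-file | | (Tone benchmark) Reference file for the target tone |
| --competitor-script-file | | (Content benchmark) Script file whose content structure/themes are to be imitated |
| --historical-script-files | | (Style reference) List of historical copy files (for reference, to avoid repetition) |
| --call-model | | Whether to call the large model directly |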

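Prompt Template

### **[Launch Template]**

## 1. Core Task

You are a top-tier IP copywriting strategist with an outstanding ability to pinpoint and distill the distinctive voice of the "on-camera person" from multi-person conversations, and to create high-quality short-video scripts based on core strategy documents and reference copy. Your task is to use all the information I provide to deeply analyze the designated on-camera person's real speaking style, word choices, and way of thinking, and to write high-quality copy that is highly consistent with that person, as if spoken in their own words.

## 2. Input Information

### 2.1. On-Camera Person

- **On-camera person's name:** {{name}}
- **Core persona and background:** {{customer_background}}

### 2.2. Core Strategy and Product

- **Core strategy (battle map):** ``` {{battle_map_content}} ```

- **Core product (summary):** {{product_info}}

- **Product introduction (detailed):** ``` {{product_info_content}} ```

- **Key content points (meeting notes):** ``` {{meeting_notes_content}} ```

### 2.3. Benchmarks and References

- **Tone benchmark (whose speaking style to imitate):** ``` {{benchmark_content}} ```

- **Content benchmark (whose content structure to imitate):** ``` {{competitor_content}} ```

- **Historical copy (style reference, avoid repetition):** ``` {{historical_content}} ```

### 2.4. Copy Requirements

- **Number of pieces:** {{count}}
- **Copy length:** keep within {{min_words}}~{{max_words}} words
- **Additional requirements:** {{extra_requirements}}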

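## 3. Creation Process and Requirements

1.  **Mode selection:**
    - **If a "content benchmark" is provided:** my core task is to **rewrite** that copy.
      - **If a "tone benchmark" is also provided:** I will use the speaking style of the "tone benchmark" to retell the core ideas of the "content benchmark".
      - **If no "tone benchmark" is provided:** I will rewrite it in the on-camera person's own style (inferred from the background).
    - **If no "content benchmark" is provided but a "tone benchmark" is:** my core task is to **imitate** that tone and create entirely new scripts based on the core strategy and product information.
    - **If neither is provided:** I will produce purely **original** work based on all the basic information.
2.  **Style reference:** in all of the modes above, if "historical copy" is provided, I will refer to its style and make sure the topics of the new scripts do not repeat it.
3.  **High-quality creation:** make sure the copy is engaging, substantive, and relatable, and strictly follows the distilled tone and style.
4.  **Monetization check (optional):** if the copy needs to center on monetization, add appropriate conversion hooks.
5.  **Other requirements:**
    - Make sure the copy meets platform standards and contains no violations.
    - The words "battle map" (作战地图) and "war room" (作战室) must not appear.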

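## 4. Output Format

To be created this time: {{count}} pieces of copy
The final output format is Markdown, with `---` separating the scripts. Strictly follow this template:

### Script 1: [script title]

**Core selling point**: [the core selling point this script focuses on]
**Target users**: [the user group this script mainly addresses]

**[Golden three seconds]**
(hook copy)

**[Main content]**
(main copy)

**[Call to action]**
(closing call-to-action copy)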

