ClawHub

Sora Video Generation

v1.0.0

Generate videos using OpenAI's Sora API. Use when the user asks to generate, create, or make videos from text prompts or reference images. Supports image-to-video generation with automatic resizing.

1· 2k·4 current·4 all-time
byPaul de Lavallaz@pauldelavallaz
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name/description match the implementation: the script calls an OpenAI client to create/retrieve videos and downloads content. However, the registry metadata declares no required credentials while the script clearly requires an OpenAI API key (OPENAI_API_KEY or --api-key). That mismatch is unexpected and should have been declared.
Instruction Scope
SKILL.md and the script stay within the stated purpose: they accept prompt/image, resize images locally, call the Sora video create/retrieve endpoints, poll status, and download the resulting MP4. The script only reads the provided input image path, writes the output file, and uses the provided or environment API key — it does not attempt to read other system files or contact unknown hosts.
Install Mechanism
This is instruction-only (no install spec). The script lists dependencies in comments (openai, httpx, pillow) but there is no automated install step; that is not dangerous but is an operational omission — users must install dependencies themselves. No downloads from unknown URLs or extracted archives are present.
!
Credentials
The script requires an OpenAI API key (OPENAI_API_KEY or --api-key) to function. The registry metadata does not list any required env vars or primary credential, creating a discrepancy. Aside from the OpenAI key, no other secrets or unrelated env vars are requested, which is proportionate.
Persistence & Privilege
The skill is not always-enabled and has no install-time persistence behavior or attempts to modify other skills or system-wide config. It does not request elevated or persistent privileges.
What to consider before installing
Key points to consider before installing: - This tool will send your prompts and any reference images to OpenAI's video endpoints and requires your OpenAI API key (OPENAI_API_KEY or --api-key). The registry metadata failing to declare this is an inconsistency you should confirm with the publisher before proceeding. - The included script depends on Python packages (openai, httpx, pillow) but there is no install step — install those in a controlled environment (virtualenv) before running. - The script only talks to api.openai.com and saves the returned MP4; it does not contact other endpoints or exfiltrate unspecified data, based on the provided files. - Verify you are comfortable providing your OpenAI API key to this code; consider creating a dedicated API key with limited billing/quota for use with third-party skills. - If you need higher assurance, request the publisher to update registry metadata to declare OPENAI_API_KEY and to provide a reproducible install spec (requirements.txt or install script) and/or review their ownership/source (homepage is missing).

Like a lobster shell, security has layers — review code before you run it.

latestvk97dae54np4jqhw2s98wer4t2h80k32p

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments