Veed Fabric

Generate talking head videos from a photo using VEED Fabric 1.0. Triggers on mentions of "veed", "fabric", or "talking video". Turns a headshot + audio or te...

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 0 · 23 · 0 current installs · 0 all-time installs

by@mattdotroberts

MIT-0

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

Purpose & Capability

The skill's stated purpose (create talking‑head videos with VEED Fabric) matches the instructions and rule files: it validates formats, uploads local files, posts to fal.ai queue endpoints, polls for completion, and downloads the MP4. However, the declared registry metadata lists no required environment variables or primary credential, while SKILL.md and the rule files explicitly REQUIRE an FAL_KEY environment variable. That mismatch (metadata says 'none' but the runtime requires a secret) is an incoherence that should be resolved before trusting the skill.

ℹ

Instruction Scope

The SKILL.md and rule files are explicit about what to do: validate input, possibly upload local files (via fal.ai presigned URL flow), call queue endpoints, poll status, and download results to ./output. Those actions are within the stated purpose. Important operational behaviors to note: (1) local files are uploaded to a fal.ai CDN and thus become publicly accessible URLs; (2) the instructions assume availability of command‑line tools (curl, jq, file, mkdir, date) even though the metadata doesn't declare them. No instructions try to read unrelated system files or exfiltrate to third‑party endpoints other than fal.ai / fal.media / queue.fal.run.

✓

Install Mechanism

This is an instruction‑only skill with no install spec or code files to execute. That reduces the attack surface compared with skills that download and run code. The workflow uses standard HTTP calls (curl) and local file operations documented in the rules.

Credentials

The skill legitimately needs a single credential (FAL_KEY) to call fal.ai APIs, and the instructions explicitly require it and forbid asking the user to paste the key inline. However, the registry metadata does not declare this required environment variable or mark it as the primary credential. That omission is inconsistent and could trick users or operators into installing without providing the right secret handling. Additionally, because local files are uploaded and become publicly accessible, the skill's credential grants access to an external storage/CDN — users should verify whether that API key can be scoped or rotated, and be aware of privacy/PII implications.

✓

Persistence & Privilege

The skill does not request 'always: true' or other elevated platform privileges. It operates interactively/autonomously in the normal way, writes output to a relative ./output directory, and does not attempt to modify other skills or system configuration. Autonomous invocation is enabled (the platform default) which is expected for skills; combine that with the other concerns when deciding to install.

What to consider before installing

What to check before installing or using this skill: - Metadata mismatch: the skill requires an FAL_KEY at runtime, but the registry metadata does not declare it. Don't assume the skill will work without setting FAL_KEY — and don't paste your key into chat. Set FAL_KEY in your environment as instructed. - Public uploads: local images and audio will be uploaded to fal.ai's CDN and become publicly accessible URLs. Do not use sensitive photos (IDs, private documents, or private people) unless you are comfortable they will be hosted publicly. Test with non-sensitive images first. - Credential scope: use a dedicated fal.ai API key you can revoke, and check whether fal.ai supports scoped/restricted keys. Avoid using long‑lived or high‑privilege keys from other projects. - Binaries assumed: the instructions rely on curl, jq, file, mkdir, date, and shell behavior. Ensure those tools exist in the runtime environment or the commands will fail. The skill metadata does not list these dependencies — ask the publisher to declare them explicitly. - Endpoints and URLs: the rule files reference rest.fal.ai, v3.fal.media, queue.fal.run and other fal domains. Confirm these endpoints match official fal.ai docs and that you trust fal.ai for hosting content. - Costs & privacy: the spec shows per‑second pricing. Make sure you understand cost implications (fast vs standard, resolution choices) before generating long videos. Uploaded media and generated videos will be stored on fal.ai hosts — review fal.ai's privacy/storage terms if this matters. - Publisher provenance: the skill's owner and homepage are not clearly identifiable. If you rely on this in production, ask for a verified publisher, source repo, or review the skill source on a trusted site. If you decide to use it: create a dedicated, revocable FAL_KEY, test with throwaway content, verify the upload and download flows in a safe environment, and ask the publisher to update the registry metadata to declare FAL_KEY and any required CLI tools.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.1.0

Download zip

latestvk97ekb9kzx7e8nwada47m9ndns830c2p

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

VEED Fabric — Talking Video Generator

Create realistic talking head videos from a single photo. Built for founders and non-video-makers who need professional video content without video editing skills.

When to Use

Activate this skill when the user mentions:

"veed" or "fabric" (the product/model name)
"talking video" or "talking head video"
"lip sync" or "lipsync" with a photo
"animate my photo" to speak

MUST NOT activate on generic video requests like "make a video" or "create content" unless they specifically mention VEED or Fabric.

Prerequisites

MUST check that the FAL_KEY environment variable is set before doing anything else. If it is not set, show the user:

FAL_KEY environment variable not found.

1. Get your API key at https://fal.ai/dashboard/keys
2. Set it: export FAL_KEY=your_key_here

MUST NOT proceed without a valid key. MUST NOT ask the user to provide the key inline.

Lip-sync from audio

When the user has a photo and an audio file (recorded voiceover, podcast clip, etc.), load ./rules/lip-sync.md for the full workflow.

Text-to-video

When the user has a photo and a written script (text they want spoken aloud), load ./rules/text-to-video.md for the full workflow.

Uploading local files

When the user provides a local file path instead of a URL, load ./rules/file-upload.md for the upload procedure.

Queue and polling

Video generation is async. Load ./rules/queue.md for the queue submission, polling, and result retrieval flow.

How to use

Read individual rule files for detailed explanations and working code:

rules/lip-sync.md - Image + audio lip-sync workflow, supported formats, API parameters
rules/text-to-video.md - Image + text workflow, voice presets, text limits
rules/file-upload.md - Uploading local files to fal.ai CDN for use as inputs
rules/queue.md - Async queue submission, status polling, result retrieval
rules/output.md - Downloading and saving the generated video
rules/errors.md - Error handling, validation, and troubleshooting

Files

9 total

Select a file

Select a file to preview.

Comments

Loading comments…