Video Production

What to check before installing/use: - Do not trust the registry's 'no env vars' claim: the code requires GOOGLE_API_KEY (and some modules/scripts expect OPENAI_API_KEY). Only provide keys you control and understand the billing implications. Store them in a safe place and avoid using highly privileged or organization-wide keys. - Inspect scripts/quota_watcher.sh and any notification/integration code (the SKILL.md references texting a "Master" and an Orchestrator that mentions Telegram/iMessage). Confirm it does not post your API keys or project files to external, unknown endpoints or require additional credentials for messaging. - Run the skill in an isolated environment (dedicated venv, non-privileged account) and review network traffic if possible — the generators download assets from Google/OpenAI and the code writes files to the skill workspace. - Expect the scripts to create/overwrite files in the project dir (clips/, outputs). Back up anything important first. - Verify ffmpeg is installed from a trusted source and that the ffmpeg commands used match your needs. - If you plan to grant this skill to an autonomous agent, be cautious: it can make network API calls and generate/overwrite files. The metadata inconsistency (env vars omitted) reduces transparency; ask the publisher to fix registry metadata and provide a short security note about notification endpoints before using broadly. Confidence note: assessment is medium because the code appears to implement the described pipeline (not obviously malicious), but the metadata omission and notification/cron references are unexplained and warrant manual inspection.