Fal Ai

Pass

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a coherent fal.ai media-generation skill, but it uses a fal.ai API key, sends prompts and media to fal.ai, and stores pending request details locally.

This skill is reasonable for fal.ai image and video generation. Before installing, be comfortable with giving it access to a fal.ai API key, sending prompts/images/videos to fal.ai, and storing pending request details locally. Consider using a revocable API key and clearing the pending file after sensitive jobs.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill can use your fal.ai account key to submit API jobs, which may consume fal.ai account quota or credits.

Why it was flagged

The helper obtains a fal.ai API key from environment or local OpenClaw configuration files, then uses it for authenticated fal.ai requests. This is expected for the integration but is sensitive credential access.

Skill content

key = os.environ.get("FAL_KEY") ... config_file = Path.home() / ".openclaw/openclaw.json" ... if TOOLS_FILE.exists():

Recommendation

Use a scoped/revocable fal.ai key if available, keep it out of shared files, and revoke or rotate it if you no longer trust the skill.

What this means

Images, videos, prompts, or data URIs you provide may be transmitted to fal.ai for processing.

Why it was flagged

Submitted prompts and media references/data are sent to fal.ai's queue API. This external provider flow is central to the skill's purpose, but users should recognize that their inputs leave the local environment.

Skill content

FAL_API_BASE = "https://queue.fal.run" ... resp = requests.post(url, headers=get_headers(), json=input_data)

Recommendation

Only submit media and prompts you are comfortable sharing with fal.ai, and review fal.ai's data handling terms for sensitive content.

What this means

Sensitive prompts or media data may remain in the local pending-request file while jobs are tracked.

Why it was flagged

The queue tracker writes pending request records to disk and includes the submitted input data, which can contain prompts, media URLs, or base64-encoded local media.

Skill content

PENDING_FILE = Path(os.environ.get("FAL_PENDING_FILE", Path.home() / ".openclaw/workspace/fal-pending.json")) ... "input": input_data

Recommendation

Check or clear ~/.openclaw/workspace/fal-pending.json after sensitive jobs, and avoid using base64 data URIs for private media unless necessary.