Fal Ai
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: falai
Version: 1.0.2
This skill is designed to interact with the fal.ai API for image and video generation. All network requests are directed to legitimate fal.ai domains (queue.fal.run, fal.ai/api/storage/upload/initiate). API keys are retrieved from expected OpenClaw locations (environment variables, ~/.openclaw/openclaw.json, or ~/.openclaw/workspace/TOOLS.md) and used securely in Authorization headers. File system access is limited to the OpenClaw workspace for skill state management (~/.openclaw/workspace/fal-pending.json) and API key retrieval. The `fal_client.py` script uses `ffprobe` via `subprocess.run` for video metadata, which is a legitimate use case and not vulnerable to command injection in its current implementation. The `SKILL.md` instructions are clear and focused on skill usage, with no evidence of prompt injection attempts to mislead the agent into malicious actions. No signs of data exfiltration, unauthorized remote control, or obfuscation were found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can use your fal.ai account key to submit API jobs, which may consume fal.ai account quota or credits.
The helper obtains a fal.ai API key from environment or local OpenClaw configuration files, then uses it for authenticated fal.ai requests. This is expected for the integration but is sensitive credential access.
key = os.environ.get("FAL_KEY") ... config_file = Path.home() / ".openclaw/openclaw.json" ... if TOOLS_FILE.exists():
Use a scoped/revocable fal.ai key if available, keep it out of shared files, and revoke or rotate it if you no longer trust the skill.
Images, videos, prompts, or data URIs you provide may be transmitted to fal.ai for processing.
Submitted prompts and media references/data are sent to fal.ai's queue API. This external provider flow is central to the skill's purpose, but users should recognize that their inputs leave the local environment.
FAL_API_BASE = "https://queue.fal.run" ... resp = requests.post(url, headers=get_headers(), json=input_data)
Only submit media and prompts you are comfortable sharing with fal.ai, and review fal.ai's data handling terms for sensitive content.
Sensitive prompts or media data may remain in the local pending-request file while jobs are tracked.
The queue tracker writes pending request records to disk and includes the submitted input data, which can contain prompts, media URLs, or base64-encoded local media.
PENDING_FILE = Path(os.environ.get("FAL_PENDING_FILE", Path.home() / ".openclaw/workspace/fal-pending.json")) ... "input": input_data
Check or clear ~/.openclaw/workspace/fal-pending.json after sensitive jobs, and avoid using base64 data URIs for private media unless necessary.
