gemini video analyze

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: gemini-video-analyze
Version: 1.0.0

The skill bundle is benign. It provides a Python script (`scripts/gemini_video_url_analyzer.py`) to analyze public video URLs using the Google Gemini API. The script securely handles API keys from environment variables or command-line arguments and passes user-provided video URLs and prompts to the `google-genai` library for interaction with Google's legitimate API. There is no evidence of data exfiltration beyond the necessary API key for authentication, no malicious execution (e.g., shell injection, arbitrary code execution), no persistence mechanisms, and no prompt injection attempts in the `SKILL.md` or `agents/openai.yaml` that would lead to unauthorized actions by the agent.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill can make requests billed or governed under the user's Google API account.

Why it was flagged

The skill uses a Google/Gemini API key, which is expected for calling Gemini, but users should recognize that it relies on their Google API credential.

Skill content

api_key = cli_api_key or os.getenv("GEMINI_API_KEY") or os.getenv("GOOGLE_API_KEY")

Recommendation

Use a dedicated, least-privileged Gemini API key if possible, and avoid passing the key on the command line where shell history may retain it.

What this means

Google Gemini will receive the video URL and the user's analysis prompt.

Why it was flagged

The script sends the provided video URL and prompt to the Gemini provider for analysis. This is central to the skill's purpose, but it is still an external data flow.

Skill content

response = client.models.generate_content(model=args.model, contents=contents)

Recommendation

Only use public video URLs as documented, and do not include confidential information in prompts unless that use is acceptable under your Google/Gemini data policy.

What this means

A user may need to install the Google GenAI package manually before the script works.

Why it was flagged

The dependency is not installed automatically and is expected for Gemini access, but it is not captured in an install specification or pinned version.

Skill content

"Missing dependency 'google-genai'. Install it with: pip install google-genai"

Recommendation

Install dependencies from trusted package indexes and consider pinning a known-good google-genai version in environments that require reproducibility.