Skill v1.0.6
ClawScan security
Next Video Gen · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 26, 2026, 9:24 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to implement the advertised Volcengine/Seedance video/image generation and only needs the DOUBAO_API_KEY, but there are packaging/metadata inconsistencies and minor scope surprises you should review before installing.
- Guidance: This package appears to be what it claims (a Volcengine Seedance-based media generator) and only needs your DOUBAO_API_KEY, but there are a few packaging inconsistencies you should check before installing:
  - Verify API key scope and rotate/revoke it if you later remove the skill. Only provide DOUBAO_API_KEY if you trust the source.
  - The registry metadata omitted the required env/binary declarations that appear in SKILL.md and scripts (node required, DOUBAO_API_KEY required). Treat this as a packaging oversight but confirm you are comfortable giving the skill a key.
  - Installer (bin/cli.js) runs local commands to find the skills directory and will copy files into ~/.openclaw/skills (or a directory you specify). Review the files locally (SKILL.md, scripts/, bin/) before running the installer and avoid running unreviewed installers as root.
  - The scripts will fetch user-supplied URLs (images/videos/audio) and save generated outputs to ~/Videos/next-video-gen/ by default — be mindful of what URLs you provide and where output is written.
  - The installer uses child_process (execSync/spawnSync) for detection; this is normal for installers but means it will execute shell commands locally — inspect the script if you have doubts.

  If you want higher assurance, ask the publisher to fix the metadata mismatch (declare node and DOUBAO_API_KEY in the registry fields) or run the scripts in an isolated environment (container or dedicated VM) and inspect the code prior to providing your API key.
Review Dimensions
- Purpose & Capability (note): Functionality (text→image/video, image→video, video→video) matches the description and all network calls target Volcengine Ark endpoints (ark.cn-beijing.volces.com). Requesting DOUBAO_API_KEY is appropriate for this purpose. However, the registry header lists no required env/bins while SKILL.md and the scripts require node and DOUBAO_API_KEY — this metadata mismatch is inconsistent.
- Instruction Scope (note): SKILL.md and the scripts guide the agent to copy files into a skills directory, check dependencies, prompt for the API key, call the Volcengine APIs, and download generated media to ~/Videos/next-video-gen/. The runtime instructions do not ask for unrelated system secrets or to read arbitrary local files, but the installer will probe for an OpenClaw skills path (running 'which/where' and optionally calling the openclaw CLI) and will copy files into user directories. The scripts also accept user-supplied remote URLs (images/videos/audio) which will be fetched — expected but worth noting.
- Install Mechanism (note): There is no formal install spec in registry metadata; instead an included CLI installer (bin/cli.js) copies files into the user's skills directory. All code is included in the package (no downloads from arbitrary third-party URLs during install). The installer uses child_process execSync/spawnSync to probe the environment (e.g., checking for openclaw); this is expected for an installer but increases the surface you must trust. No remote install/extraction from unknown hosts was observed.
- Credentials (concern): Runtime requires only DOUBAO_API_KEY (primaryEnv), which is proportionate to calling Volcengine Ark APIs. However, the registry metadata at the top of the package listing states 'Required env vars: none' while SKILL.md metadata and code require DOUBAO_API_KEY — this discrepancy is misleading. The scripts also recommend/expect curl and jq (the installer checks for them), but the Node scripts implement HTTP/downloads themselves, so the curl/jq requirement appears inconsistent.
- Persistence & Privilege (ok): The skill is not forced 'always' and does not request elevated or cross-skill configuration changes. The installer will copy files into a per-user skills directory and set execute permissions on its own scripts — normal for a skill installer.
