kameo

Things to consider before installing or running this skill: - Do not run the scripts blindly. Review generate_video.sh / enhance_prompt.sh / register.sh before executing. - The skill requires a KAMEO_API_KEY (env or ~/.config/kameo/credentials.json) though the registry metadata omitted that. Set a dedicated key you control, and be ready to revoke it if needed. - The enhance_prompt.sh script uploads your image to Google Generative Language (Gemini) and requires GOOGLE_API_KEY. If you don't want your images sent to Google (privacy/sensitivity), avoid the enhanced workflow or modify the script to use a local/alternative vision model. - SKILL.md and USAGE.md include a plaintext API key-like string (kam_...); treat that as potentially exposed. Do not assume it is safe — if you paste that key into your environment you may be using someone else's credential. Prefer creating your own key via the service and rotate/revoke keys if you suspect reuse. - register.sh uses SUPABASE_URL and SUPABASE_ANON_KEY placeholders. Do not run it without ensuring those values point to a project you control; the script will transmit email/password and create API keys via that backend. - The scripts require curl, jq, and base64; ensure those binaries are present and review their usage. - If you plan to proceed: run the scripts in an isolated environment (container or throwaway VM), avoid exposing sensitive images/identities, and monitor/limit network egress. If you need more assurance, ask the publisher for a canonical homepage/repository and a statement of which external services are contacted (Gemini vs optional) and why the example API key appears in docs. Confidence is medium: the code matches the declared high-level purpose, but the undisclosed env requirements and embedded key are clear inconsistencies that warrant caution.