Skill v1.0.5

ClawScan security

VibeVideoIO AI Script to Video · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 20, 2026, 9:29 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The package's code and runtime instructions match its stated purpose (log into bollo.video/vibevideo.io, list projects, create episodes) and its filesystem/network actions are proportional and local; no evidence of hidden exfiltration or unrelated privileges was found.
Guidance
This package appears coherent: it is a node-based CLI for VibeVideo Studio and its files implement the login/CAPTCHA/episode-creation flows described in SKILL.md. Before installing or registering the skill, consider:
1) The package will store session tokens and CAPTCHA images under your OpenClaw home (~/.openclaw by default); inspect those files if you need to revoke or remove credentials.
2) Registration (npm run openclaw:register) copies the skill into ~/.openclaw/skills; do not run it unless you trust the skill source.
3) The package requires Node >=20; ensure you run it in a trusted environment.
4) The small metadata mismatch (the registry shows no required binaries while SKILL.md and package.json expect node) is benign but worth noting.
If you want extra assurance, review the included scripts (skills/.../scripts/vibevideo-studio.mjs and register-openclaw-skill.mjs) yourself, or run them in an isolated environment before adding them to your primary OpenClaw installation.

Review Dimensions

Purpose & Capability
ok: The skill name and description match the included CLI code and SKILL.md: the package provides a node-based CLI to log in, list Studio projects, create episodes, handle CAPTCHA/email flows, and log out against bollo.video or vibevideo.io. Minor inconsistency: the registry-level 'Requirements' reported no required binaries, while the skill metadata and package.json clearly expect Node.js (node >=20) and the SKILL.md lists node in its metadata; this is a small metadata mismatch, not a functional red flag.
Instruction Scope
ok: The SKILL.md is explicit: it instructs the agent to run the local CLI (node .../scripts/vibevideo-studio.mjs) to perform login, projects, create-episode, and logout. The CLI reads and writes local OpenClaw session and media files (under ~/.openclaw by default), handles CAPTCHA and email verification only as part of login, and does not attempt OCR or automatic external delivery except via the documented OpenClaw messaging hooks. There are no instructions to read unrelated system files or to send arbitrary data to unknown endpoints; the API endpoints used are bollo.video and vibevideo.io, as described.
Install Mechanism
note: There is no remote download/install step; the package includes a local registration script (scripts/register-openclaw-skill.mjs) that, when run, copies the skill into the user's OpenClaw home (~/.openclaw/skills/<skillId>) and writes a managed marker. The script performs local file copies and filters common build artifacts; it is not run automatically during postinstall. Because it operates only on local filesystem paths and does not fetch remote code, install risk is low, but running the registration script will write files into the user's OpenClaw skills directory.
Credentials
ok: The skill does not require external API keys or secrets via environment variables. It optionally respects OPENCLAW_HOME to locate its storage and reads OPENCLAW_MCP_SESSION_KEY to detect OpenClaw session context; the register script respects OPENCLAW_VIBEVIDEO_STUDIO_SKIP_POSTINSTALL and OPENCLAW_VIBEVIDEO_STUDIO_AUTO_SETUP to control registration. These environment variables are proportional to the described functionality (local storage location and registration control).
Persistence & Privilege
note: The CLI persistently stores session state and CAPTCHA media under the OpenClaw home (DEFAULT_SESSION_FILE and DEFAULT_CAPTCHA_DIR, e.g. ~/.openclaw/secrets and ~/.openclaw/media), and the optional registration step copies the skill into the user's OpenClaw skills folder. always:true is not set. Autonomous invocation by the agent is allowed (platform default); combined with the local storage behavior this means a skill run can create or update local session files, which is expected for a provider-bridge skill, but users should be aware of token persistence and where files are stored.