Visla AI Video Creation
Advisory
Audited by Static analysis on May 1, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can act through the user's Visla API credentials, including creating videos and checking account information.
The skill requires a Visla API key and secret, which are sensitive credentials that allow use of the user's Visla account.
requires:
env: [ "VISLA_API_KEY", "VISLA_API_SECRET" ]
primaryEnv: "VISLA_API_KEY"
Use a Visla API key intended for this purpose, keep the secret out of chat responses, and revoke or rotate the key if you no longer trust the skill.
Documents, scripts, audio, images, or webpage content you provide may be uploaded to Visla's service.
The skill is designed to send user-selected scripts, documents, URLs, media, or related content to Visla for video generation; the artifact explicitly warns about sensitive data.
Only process local files (scripts/docs) explicitly provided by the user, and remind users to avoid uploading sensitive data.
Only use files and URLs you are comfortable sending to Visla, and avoid confidential, regulated, or personal data unless your Visla account and policies allow it.
If the saved credential file contained unexpected shell commands, sourcing it could run those commands.
Sourcing a file in Bash executes its shell contents, not just reads credential variables; this is a common setup shortcut but should be limited to a trusted credential file.
# With user consent, you may source ~/.config/visla/.credentials
Prefer environment variables or the Python credential parser, and only allow sourcing ~/.config/visla/.credentials if you created or trust that file.
