Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
VMake
v1.0.0
Video file → videoscreenclear or hdvideoallinone + spawn-run-task and sessions_spawn (main session). Image → eraser_watermark or image_restoration + blocking...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill is clearly an image/video processing client for a paid Vmake API (videoscreenclear, hdvideoallinone, eraser_watermark, image_restoration). Requiring python3 and Vmake API keys (MT_AK / MT_SK) is coherent for this purpose. However the top-level summary in the prompt listing 'Required env vars: none' contradicts SKILL.md and skill.json which declare MT_AK/MT_SK as required — the manifest and runtime disagree with the registry metadata.
Instruction Scope
SKILL.md instructs agents to run scripts/vmake_ai.py and to use spawn-run-task/sessions_spawn for video tasks. The included code performs additional actions not fully surfaced in the high-level description: it reads ~/.openclaw/openclaw.json for channel credentials, reads .env files (scripts/.env and potential cwd .env), downloads user-provided URLs to temp files, and persists state under ~/.openclaw/workspace and ~/.cache/vmake. Those file/credential accesses extend scope beyond simple API calls and should be made explicit to operators.
Install Mechanism
This is instruction-plus-code (no install spec); there is no network-based install or arbitrary archive extraction in the manifest. Dependencies are typical (requests, alibabacloud-oss-v2). No suspicious third-party download URLs or extract operations were found in the provided files.
Credentials
MT_AK and MT_SK (Vmake API keys) are reasonable and proportional. However, the skill also expects and uses other credentials at runtime: TELEGRAM_BOT_TOKEN (env) and Feishu appId/appSecret loaded from ~/.openclaw/openclaw.json, and it will persist caches and history under user home directories. Those additional secrets are not declared in the registry metadata's 'requires.env', so the skill will access credentials beyond what the registry summary advertised. The client also loads any .env it finds and populates os.environ, which can surface additional secrets unintentionally.
Persistence & Privilege
The skill writes persistent state: ~/.openclaw/workspace/openclaw-vmake-ai/ (last_task.json, history) and ~/.cache/vmake/ (gid cache). always:false (not forced). The persistence is expected for resume/polling behaviour but combined with access to other local config files it increases blast radius if keys are mishandled. The skill does not attempt to modify other skills' configs in the provided code.
Scan Findings in Context
[reads_user_config_openclaw] unexpected: scripts/feishu_send_* and feishu helpers read ~/.openclaw/openclaw.json for Feishu channel credentials. That is expected for optional delivery, but the skill metadata did not declare that it will read this file; this file can contain other channel secrets.
[uses_telegram_env_token] expected: Telegram send scripts require TELEGRAM_BOT_TOKEN via env; that fits the included Telegram delivery helpers and the skill.json platforms entry, but TELEGRAM_BOT_TOKEN is not declared in top-level requires.env and is sensitive.
[wapi_endpoint_wapi-skill.vmake.ai] expected: The client signs requests to the WAPI gateway at wapi-skill.vmake.ai and invokes POST /skill/consume.json as required by SKILL.md — this is expected for a paid API gateway but requires trusting that endpoint and its handling of tenant keys.
[loads_dotenv_and_sets_env] unexpected: client._load_env_file sets environment variables from scripts/.env or cwd .env if present. This behavior can cause the skill to read secrets from local .env files unexpectedly; it was not clearly declared in SKILL.md.
[persists_state_and_cache] expected: The CLI saves last_task, history and GID caches under ~/.openclaw and ~/.cache/vmake to support resume/polling. This is functionally expected but gives the skill persistent local footprint.
What to consider before installing
Before installing or enabling this skill:
1) Treat MT_AK / MT_SK (Vmake Access/Secret) as required — only provide keys from a trusted tenant.
2) Be aware the skill will read/write local files: ~/.openclaw/* and ~/.cache/vmake/* and may read a scripts/.env or a cwd .env, which can cause local secrets to be used; inspect those files first.
3) The skill can optionally use Telegram and Feishu delivery helpers that expect TELEGRAM_BOT_TOKEN in your environment and Feishu appId/appSecret in ~/.openclaw/openclaw.json — if you don't want delivery channels enabled, do not populate those credentials.
4) The registry summary shown to you earlier omitted required env vars (MT_AK/MT_SK) — prefer the SKILL.md and skill.json declarations as authoritative and ask the publisher/host to correct registry metadata before wide deployment.
5) If you must grant this skill keys, rotate them after testing and limit their privileges if possible.
If you need higher assurance, request the upstream skill source (homepage/repo) or audit the remaining omitted files for any additional network endpoints or obfuscated behavior.
Like a lobster shell, security has layers — review code before you run it.
latestvk972yzc02ng8b2sempjrj9tz3984snqk
Runtime requirements
🖼️ Clawdis
Bins: python3
