Weryai Video Generator
v0.1.2Generate and transform WeryAI videos from text, images, storyboard frames, or first-frame and last-frame guidance. Use when the user needs text-to-video, ima...
⭐ 0· 124·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name, description, required binary (node), and required env var (WERYAI_API_KEY) align with a video-generation integration. However, many script files re-export implementations from '../../../../../core/weryai-core' and '../../../../../core/weryai-video' which are not present in this package manifest; this suggests the package is intended to run inside a larger monorepo or shared runtime. That packaging mismatch is an operational inconsistency (not necessarily malicious) and will cause runtime failures if executed standalone.
Instruction Scope
SKILL.md and AGENTS.md instruct the agent to submit jobs, poll until completion, optionally upload local media via the API, and return playable video URLs — all coherent with the stated purpose. Important scope notes: local files referenced by the user are uploaded to the WeryAI upload endpoint (i.e., user local media will be sent to the external API), and the runtime enforces bounded polling (timeouts). There are no instructions to read unrelated local files or other environment secrets beyond the declared API key.
Install Mechanism
No install spec or remote downloads are present; the skill is node-script based and expects Node >=18 on PATH. There are no suspicious external URLs or archive extracts. The only operational caveat is the missing 'core' modules referenced by the scripts (packaging/integration issue), not an installation risk.
Credentials
The skill requires a single primary credential (WERYAI_API_KEY) and optionally allows overrides for base URLs and timeout-related env vars. This is proportionate to a third-party API integration. No unrelated secrets or broad credential sets are requested.
Persistence & Privilege
The skill does not request 'always: true', does not modify other skills, and uses normal agent invocation defaults. There is no evidence it attempts to persist beyond its intended scope or escalate privileges.
Assessment
This skill generally looks coherent for WeryAI video generation, but check the following before installing or running it:
- Packaging: The scripts import many modules from a '../../../../../core/...' path that are not included in this bundle. That means these scripts likely expect a larger monorepo or shared runtime. If you plan to run them standalone, they will fail — ask the author for a complete package or the required core files.
- Secrets: Only WERYAI_API_KEY is required. Keep that API key secret and do not commit it into the repository. Prefer exporting it into the runtime environment.
- Data exfiltration surface: The skill will upload local media referenced in requests to WeryAI (via the upload endpoint). Do not submit sensitive local files unless you trust WeryAI and want them uploaded.
- Network endpoints: Defaults point to api.weryai.com and api-growth-agent.weryai.com. Do not override WERYAI_BASE_URL or WERYAI_MODELS_BASE_URL to untrusted hosts.
- First run: Use the provided dry-run commands (node scripts/models-video.js and node scripts/wait-video.js --dry-run) to verify configuration without spending credits. Also verify you have account credits before submitting paid jobs.
If you need higher assurance, request the missing core modules or a packaged release (or a vetted npm package) and review the core code referenced by the re-exports before running in production.Like a lobster shell, security has layers — review code before you run it.
latestvk97bm5wz3btf0k50y5bp48kyp183hh0p
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🎬 Clawdis
Binsnode
EnvWERYAI_API_KEY
Primary envWERYAI_API_KEY