Media.io AI Image & Video Generation API

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the skill is invoked with your key, requests are made under your Media.io account and may use available service credits.

Why it was flagged

The skill needs a Media.io account credential and uses it for authorized API calls; this is expected, but it gives the skill account-level API authority.

Skill content

`API_KEY` | **Yes** | Media.io OpenAPI key, sent as `X-API-KEY` header ... Use a **least-privilege / test key**

Recommendation

Use a dedicated least-privilege or test API key, monitor credit usage, and revoke the key if you stop using the skill.

What this means

A user or agent can submit generation and status requests to Media.io through this wrapper.

Why it was flagged

The router performs external API calls using supplied parameters. The code also restricts the host to openapi.media.io, so this is purpose-aligned rather than hidden broad network access.

Skill content

resp = requests.request(method, url, headers=headers, json={'data': body} if body else {}, timeout=30)

Recommendation

Only invoke generation endpoints when you intend to create media, and review prompts, image URLs, and task parameters before submitting costly or sensitive requests.

What this means

You are trusting a community-maintained wrapper and your local Python package source for the requests dependency.

Why it was flagged

The skill discloses community provenance and asks the user to install a dependency manually; this is not automatic or hidden, but users should account for the non-official source and unpinned dependency.

Skill content

Maintainer: community-maintained skill (not an official Media.io release) ... `pip install requests`

Recommendation

Install dependencies from a trusted package index, consider pinning versions in your environment, and verify that the Media.io API documentation matches the bundled endpoint definitions.

What this means

Prompts, image URLs, task IDs, and generated result metadata may be processed by Media.io.

Why it was flagged

The skill's generation APIs can send prompt text and image URLs to the external Media.io provider as part of normal operation.

Skill content

`images` ... The URLs of the input images ... `prompt` ... The text prompt describing the content to generate.

Recommendation

Avoid sending sensitive prompts or private image URLs unless you are comfortable with Media.io processing them under its API terms.