Media.io Google Veo Video Generator
v1.0.1
Generate cinematic-quality AI videos from text or images using Google Veo 3.1 via the Media.io OpenAPI with your API key.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description state text/image-to-video via Media.io/Google Veo and the bundled API doc + Python router implement exactly that. However, the registry metadata at the top of the submission lists "Required env vars: none" while SKILL.md and _meta.json both declare API_KEY as required — this mismatch is an incoherence in metadata, not a functional capability mismatch.
Instruction Scope
SKILL.md instructs the agent to call Skill.invoke with an API name and API_KEY and to poll for task results. The runtime instructions only access the API_KEY env var and call Media.io endpoints; they do not ask the agent to read unrelated files, other environment variables, or exfiltrate data elsewhere.
Install Mechanism
No install spec (instruction-only), which minimizes install risk. The skill includes a Python script that uses the 'requests' library but has no dependency declaration, so the runtime must provide requests. No downloads or external installers are used.
Credentials
Functionally the skill only needs a single API key (API_KEY) for Media.io which is appropriate for the described functionality. The inconsistency is that the registry summary at the top claims no required env vars while SKILL.md and _meta.json require API_KEY — this should be fixed to avoid confusion.
Persistence & Privilege
Skill is not always-enabled, does not request special platform privileges, and does not modify other skills or system settings.
Assessment
This skill appears to do what it says: talk to Media.io's openapi.media.io endpoints using a single API key. Before installing:
1) Confirm the API_KEY requirement in the registry (ensure you supply a Media.io API key and that registry metadata reflects that).
2) Only provide a scoped API key (least privilege) and rotate it if you stop using the skill.
3) Ensure your runtime has Python's requests library available (the package isn't declared).
4) Verify you trust the publisher/source — the top-level source was marked unknown though _meta.json points to platform.media.io/docs; prefer skills with a clear, trusted homepage.
5) Optionally test with a low-privilege/test account to confirm behavior and inspect network/logs for unexpected endpoints (the script enforces requests to openapi.media.io, which is a positive sign).
Like a lobster shell, security has layers — review code before you run it.
