ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Tomoviee Video Background Music

v1.0.3

Generate music tailored to video content. Use when users request video_soundtrack operations or related tasks.

0· 310·0 current·0 all-time
by@wondershare-boop
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared purpose (video soundtrack generation) matches the code and docs: the client posts video URLs and prompts to a remote audio-generation API. However the SKILL.md points to tomoviee.ai resources while the client code targets https://openapi.wondershare.cc — this domain mismatch and the differing naming (video_scoring vs video_soundtrack) are inconsistent and worth verifying with the author.
!
Instruction Scope
Runtime instructions ask users to run the bundled scripts with an app key/secret and to send publicly accessible video URLs to the remote API. The SKILL.md references a module name 'tomoviee_video_soundtrack_client' while the repository provides 'tomoviee_video_scoring_client.py' — a likely runtime error or sloppy packaging. The instructions do not request or instruct reading unrelated local files, but they do require supplying credentials that will be sent to an external endpoint.
Install Mechanism
No install spec; this is instruction-and-script based only. That lowers install risk. The included Python client uses the requests library and performs HTTPS POSTs to an external API, which is expected for this functionality.
!
Credentials
Registry metadata lists no required env vars or primary credential, but the SKILL.md and scripts clearly require an app_key and app_secret (turned into a Basic auth token) to call the API. Those credentials will be sent to the remote wondershare/openapi endpoint. The absence of declared required credentials in metadata is an inconsistency the user should note.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify system or other-skill config. It will run network calls when invoked and requires user-supplied credentials at runtime; this is normal for a remote API client.
What to consider before installing
This package appears to implement a legitimate video-to-music client, but several red flags mean you should proceed cautiously: - Verify the endpoint and ownership: SKILL.md points to tomoviee.ai but the client talks to openapi.wondershare.cc. Confirm which domain is official and intended before sending credentials or private video URLs. - Expect to supply an app_key and app_secret: metadata did not declare required credentials, but the scripts use key/secret and send them (Base64 Basic auth) to the remote API. Do not use production/privileged credentials until you trust the endpoint. - Module/filename mismatch: SKILL.md imports 'tomoviee_video_soundtrack_client' but the provided file is named 'tomoviee_video_scoring_client.py'. This will likely cause runtime errors or indicate sloppy packaging — request a corrected package from the author. - Privacy: the API requires public or accessible video URLs; do not submit private or sensitive videos unless you accept that they will be transmitted to the remote service. - Test in isolation: run the scripts in a sandbox or throwaway account first; check network requests (which host is contacted) and validate responses. If you need to trust this skill long-term, ask the publisher to (1) correct module/filename inconsistencies, (2) reconcile documentation vs. client base URL, and (3) update metadata to declare required credentials. If the author cannot clarify, treat the skill as low-quality and avoid providing real credentials or private data.

Like a lobster shell, security has layers — review code before you run it.

latestvk9747s3jdzh8na04yr57wh80cd83qefe
310downloads
0stars
4versions
Updated 12h ago
v1.0.3
MIT-0
@wondershare-boop
latest
Download

Tomoviee AI - 视频配乐 (Video Soundtrack)

Overview

Generate music tailored to video content.

API: tm_video_scoring

Quick Start

Authentication

python scripts/generate_auth_token.py YOUR_APP_KEY YOUR_APP_SECRET

Python Client

from scripts.tomoviee_video_soundtrack_client import TomovieeClient

client = TomovieeClient("app_key", "app_secret")

API Usage

Basic Example

task_id = client._make_request({
    video='https://example.com/my-video.mp4'
    prompt='Modern tech product music, clean'
})

result = client.poll_until_complete(task_id)
import json
output = json.loads(result['result'])

Parameters

  • video (required): Video URL (MP4, <200M)
  • prompt: Optional style guidance
  • duration: Audio duration (5-900, default: 20)

Async Workflow

  1. Create task: Get task_id from API call
  2. Poll for completion: Use poll_until_complete(task_id)
  3. Extract result: Parse returned JSON for output URLs

Status codes:

  • 1 = Queued
  • 2 = Processing
  • 3 = Success (ready)
  • 4 = Failed
  • 5 = Cancelled
  • 6 = Timeout

Resources

scripts/

  • tomoviee_video_soundtrack_client.py - API client
  • generate_auth_token.py - Auth token generator

references/

See bundled reference documents for detailed API documentation and examples.

External Resources

Comments

Loading comments...