ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Volcengine Digital Human Video Generator

v1.0.4

火山引擎数字人视频生成技能。当用户发送照片并提供对白或配音文案,要求生成数字人口播视频时触发。全自动完成:图片上传、形象创建、TTS配音(自动性别检测、多音色匹配)、视频合成、最后发回给用户。触发词包括数字人、视频合成、口播视频、数字人视频。

0· 53·0 current·0 all-time
by@xiaoxiaole2025
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description (Volcengine digital human video generator) match the code and instructions: image upload → create avatar → TTS → synthesize video. Requiring Volcengine AK/SK, TTS (edge-tts) and ffmpeg is coherent. However the registry metadata at the top claimed no required env vars/credentials while SKILL.md and the script explicitly require VOLC_AK/VOLC_SK and even include a config.json with AK/SK — that metadata mismatch is unexpected and should be explained by the author.
!
Instruction Scope
The SKILL.md and script instruct the agent to read images from /root/.openclaw/media/inbound and to upload user images/audio/video to public file hosts (catbox.moe, 0x0.st; references also mention uguu.se). Reading inbound media and calling external APIs is necessary for the task, but automatic public hosting of user-supplied images/audio is a significant privacy risk. The SKILL.md warns about this, but the automation will still expose content publicly during processing — verify users understand this before use.
Install Mechanism
No install spec (instruction-only), so nothing is written by an installer. The script has heavy runtime dependencies (opencv, deepface/retinaface, numpy, edge-tts, ffmpeg) and deepface may download models at runtime. Lack of an install spec means dependency installation/behavior (and model downloads) will happen outside the package and should be managed explicitly.
!
Credentials
Requesting VOLC_AK and VOLC_SK is appropriate for calling Volcengine. However the included config.json in the package contains ak/sk values (hard-coded credentials). Shipping credentials in a skill package is a serious red flag: it may be a leaked/shared key or intentionally embedded account credentials. The script will read a config.json in its directory if env vars are not set, causing accidental use of those embedded credentials. This is disproportionate and may grant the package author (or whoever controls that account) access to usage and uploaded content.
Persistence & Privilege
always:false and normal autonomous invocation are fine. The skill reads from the agent's inbound media directory and writes temporary files under /tmp and its own workspace; it does not modify other skills or system-wide configs. Still, the combination of autonomous invocation plus public uploads means the agent could automatically expose user media when invoked — be cautious about enabling it for unattended runs.
What to consider before installing
Key things to consider before installing or using this skill: - Do not upload sensitive or private images/audio. The skill uploads user-provided media to public file hosts (catbox.moe, 0x0.st / references mention uguu.se) so anyone with the URL can access them during processing. - The package contains a config.json with hard-coded AK/SK credentials. Treat this as insecure: either remove that file, replace the credentials with your own, or set VOLC_AK/VOLC_SK in environment variables. If you cannot verify those keys' ownership, do not rely on them — they may be leaked or abused. - Consider rotating any Volcengine keys you plan to use for this skill and use a minimal-permission RAM user for the Digital Human service only. - The script can download ML models at runtime (deepface/retinaface) and calls external services; run it in an isolated environment (container) if you need to limit network/file-system exposure. - Verify and/or pin dependency installation (edge-tts, ffmpeg, OpenCV, deepface) in a controlled environment; the package does not provide an install step. If you need this capability but are uncomfortable with public uploads or embedded credentials, ask the skill author to remove the bundled config.json, provide clear metadata declaring required env vars, and offer an option to use private storage (your own S3/minio) instead of public file hosts.

Like a lobster shell, security has layers — review code before you run it.

latestvk979de72dkqe1vsbw4jdbdndnh83kqp4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments