LiblibAI Image & Video Gen
PassAudited by ClawScan on May 1, 2026.
Overview
The skill matches its stated LiblibAI image/video generation purpose, but it uses LiblibAI API keys and sends prompts or reference image URLs to LiblibAI.
This appears safe for its stated purpose if you intend to use LiblibAI. Before installing or running it, understand that your prompts, reference image URLs, and task requests go to LiblibAI and that your API keys may allow account usage or credit consumption.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill can submit media-generation jobs to LiblibAI with the content you provide.
The client sends generation requests to the LiblibAI API. This is expected for the skill's purpose, but it means user prompts and reference image URLs are transmitted to a third-party generation service and may consume account credits.
BASE_URL = "https://openapi.liblibai.cloud" ... requests.post(url, params=params, json=body, headers={"Content-Type": "application/json"}, timeout=30)Use it only with prompts and image URLs you intend to send to LiblibAI, and review costly or sensitive generation requests before running them.
The skill operates using your LiblibAI account authority and may spend credits or access generation tasks tied to that account.
The skill requires LiblibAI API credentials. This is purpose-aligned and the script uses them for signed API calls, but the registry metadata lists no required env vars or primary credential, so users may not see that credential requirement at install time.
Environment variables must be set: - `LIB_ACCESS_KEY` — API access key - `LIB_SECRET_KEY` — API secret key
Set these keys only if you trust the skill, prefer restricted or dedicated API keys if available, and rotate keys if they are shared or exposed.