Send Video Message
v1.0.2Send the user a video message with an AI avatar that speaks any text, using Runway Character API. For async updates, explanations, or anything better said th...
⭐ 0· 141·0 current·0 all-time
byYining Shi@yining1023
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (send a Runway avatar video) align with the code and runtime instructions. The skill legitimately needs a Runway API key and the uv runner. Default avatar image URLs point to runway-owned S3 assets and the scripts call Runway endpoints.
Instruction Scope
SKILL.md and the scripts confine activity to creating avatars, TTS, requesting avatar_videos, downloading the resulting MP4, and saving avatar metadata to ~/.openclaw/runway-avatar.json. The code will send only the text, optional description/image URL, and any generated image to the Runway API as expected. Note: SKILL.md mentions MEDIA: attachment behavior (OpenClaw platform integration), but the included scripts themselves only save files to /tmp and print paths — attaching/uploading to other services is not performed by these scripts.
Install Mechanism
Install spec only installs the 'uv' brew formula (reasonable because scripts are invoked via 'uv run'). There are no downloads from untrusted hosts. However, Python dependencies (runwayml, httpx) and optional ffmpeg are required by the scripts but not installed by the install spec or documented as automatic installs; users must ensure Python packages and ffmpeg are available.
Credentials
Primary credential RUNWAY_API_SECRET is appropriate and necessary. The code also reads several optional environment variables that are not declared in metadata: RUNWAY_AVATAR_ID, RUNWAY_AVATAR_PRESET, RUNWAY_VOICE_PRESET, SEND_VIDEO_MESSAGE_VERTICAL, and SEND_VIDEO_MESSAGE_SQUARE. These are not secrets but you should be aware the scripts will respect those env vars if present. The skill does not request unrelated credentials.
Persistence & Privilege
always:false and no privileged/autostart behavior. The skill writes only its own config file (~/.openclaw/runway-avatar.json) and output videos to /tmp — expected one-time avatar persistence. It does not modify other skills or system-wide agent settings.
Assessment
This skill appears to do what it says: it uses your RUNWAY_API_SECRET to call Runway APIs to create avatars, generate audio, and produce avatar videos. Before installing: 1) Be willing to share any text, image URLs, or generated-image prompts you pass to Runway (they go to api.dev.runwayml.com). 2) Ensure you trust Runway and that your RUNWAY_API_SECRET has appropriate scope / rotation policy. 3) The brew install only provides the 'uv' CLI; you'll still need Python (>=3.10) plus the runwayml and httpx packages and, if you use --vertical or --square, ffmpeg on PATH. 4) The skill saves an avatar ID to ~/.openclaw/runway-avatar.json — if you want to remove that later, delete that file and/or any avatars you created via the Runway API. 5) Note small metadata omissions: the scripts honor several optional env vars (RUNWAY_AVATAR_ID, RUNWAY_AVATAR_PRESET, RUNWAY_VOICE_PRESET, SEND_VIDEO_MESSAGE_VERTICAL, SEND_VIDEO_MESSAGE_SQUARE) which are not enumerated in the registry metadata; none are credentials but be aware they can influence behavior.Like a lobster shell, security has layers — review code before you run it.
latestvk978p46zbkctx56hcbe8v67kvx83gsz2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🎬 Clawdis
Binsuv
EnvRUNWAY_API_SECRET
Primary envRUNWAY_API_SECRET
Install
Install uv (brew)
Bins: uv
brew install uv