ark-video-storyboard

Key things to check before installing or running this skill: - Credentials: Although the registry says no env vars are required, the code reads ARK_API_KEY (env) and also looks in ~/.openclaw/openclaw.json for a stored API key. Only provide an API key if you trust the Ark/Volcengine endpoint and the skill's behavior. - Binaries & tools: The scripts call curl and rely on ffmpeg/ffprobe for merging/compression. Ensure those binaries are present and come from trusted packages; the metadata doesn't declare them. - File writes: The skill will create and write files under ~/.openclaw/media/{timestamp}/ and append a record to ~/.openclaw/workspace/WORKFLOW.md. If you need to restrict filesystem side-effects, run the skill in a sandbox or edit the scripts to change output paths. - Network behavior: Submissions and polling call https://ark.cn-beijing.volces.com; downloads are done via curl. Review network calls if you have privacy or data-control concerns (reference images and prompts will be sent to the remote API). - Ethical/default behavior: The skill enforces a hard default that all human characters are East Asian unless the user specifies otherwise. If that behavior is unacceptable for your use case, modify SKILL.md/scripts or instruct the agent to ask the user explicitly instead of defaulting. - Attack surface: The package contains executable scripts that will run system commands (curl, ffmpeg). If you don't fully trust this skill, inspect the scripts yourself or run in an isolated environment. Consider limiting where API keys are stored (use ephemeral keys) and confirm there is no hidden endpoint beyond the Ark domain. If these mismatches or the default ethnicity rule bother you, ask the publisher to update the metadata to declare required env vars and binaries, remove or change the hard default ethnic rule, or provide a version with clearer permission/behavior controls.