Skill Veo3 Video Gen
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears aligned with its advertised video-generation purpose, with expected cautions around API-key use, external provider data sharing, runtime dependencies, and local ffmpeg execution.
This looks safe to install if you intend to generate videos through Gemini/Veo. Before use, confirm which provider will receive your prompt or images, use a controlled Gemini API key, avoid command-line secret exposure, and review output paths before allowing ffmpeg stitching.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or using the skill may cause the agent to use your Gemini API key for paid or quota-limited video generation.
The skill needs a Google Gemini API credential to generate videos. This is expected for the stated purpose, but it can consume the user's quota or billing and is not reflected in the registry's declared credential requirements.
- `GEMINI_API_KEY` env var (or `--api-key`).
Use a scoped or quota-limited Gemini key where possible, prefer an environment variable over passing secrets on the command line, and confirm video-generation costs before use.
Prompts, product references, or style images may be shared with Google, and possibly Runway if the fallback guidance is followed.
The skill discloses that prompts and optional reference images are used with Google Gemini/Veo, and it suggests a fallback to another video-generation skill/provider. This is purpose-aligned, but it crosses external provider boundaries.
Generate and stitch short videos via Google Veo 3.x using the Gemini API ... `--reference-image path.jpg` ... Fallback to Runway Gen4 Turbo when rate-limited
Do not submit confidential prompts or images unless you are comfortable sharing them with the provider, and ask for confirmation before switching to a fallback provider.
The skill may run ffmpeg locally and write or overwrite video output files selected by the user.
The script invokes local ffmpeg commands to extract frames and concatenate segments. This is expected for the advertised stitching feature, but it is still local command execution and can overwrite the specified output path.
cmd = [
"ffmpeg",
"-y",
...
]
p = subprocess.run(cmd, capture_output=True, text=True)Use trusted ffmpeg binaries and review output filenames/paths before running generation or stitching.
Future dependency versions could change behavior when the script is run.
The script declares runtime Python dependencies using lower-bound version ranges. That is common for uv-run scripts and relevant to the purpose, but it means dependency resolution is not pinned by a lockfile in the provided artifacts.
# dependencies = [ # "google-genai>=1.0.0", # "pillow>=10.0.0", # ]
For repeatable or production use, pin dependency versions or run from a reviewed lockfile/environment.