ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ultimate AI Media Generator

v1.0.1

Generate AI images and videos using top-tier models including Sora 2, Kling 2.6, Seedance 2.0, Nano Banana Pro, Veo 3.1 and more. Supports text-to-image, tex...

0· 276·0 current·0 all-time
by@zerolu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe model-backed image/video generation. The bundle includes a CLI, prompt/workflow templates, credit-quote/polling flow, and client gateway code that targets CyberBara endpoints (base URL fixed to https://cyberbara.com). Required artifacts (API key, upload + generate + poll) align with this purpose.
Instruction Scope
SKILL.md and CLI instruct only on discovering models, quoting credits, uploading images, submitting generation tasks, polling for results, saving outputs, and persisting an API key under ~/.config/cyberbara/api_key. There are no instructions to read arbitrary system files, sweep environment variables beyond CYBERBARA_API_KEY, or exfiltrate unrelated data.
Install Mechanism
No install spec is provided (instruction-only install). The package contains Python source files which are intended to be run locally (python3 scripts/cyberbara_api.py). This is low risk in the sense that no remote installer/unknown URL downloads are configured by the skill itself.
Credentials
The only credential surface is CyberBara API key (supported via --api-key, CYBERBARA_API_KEY env var, or local cache). That matches the described need to call the provider API. No unrelated secrets or multiple external credentials are requested.
Persistence & Privilege
The skill persists only its own API key to ~/.config/cyberbara/api_key (and masks it in CLI output). It does not request 'always' inclusion and does not modify other skills or system-wide agent configuration.
Assessment
This skill appears internally consistent: it implements a CLI that talks to CyberBara (https://cyberbara.com), requires a provider API key, saves that key under ~/.config/cyberbara/api_key, and downloads media URLs returned by the service into your media_outputs directory. Before installing: 1) only provide an API key you trust to this third-party service and verify the domain; 2) inspect the cyberbara_client gateway code (not shown in the truncated listing) if you want assurance about exact HTTP endpoints/headers it uses; 3) be aware downloaded media files will be opened automatically by default (you can disable saving/opening via flags); and 4) if you plan to run this in an automated/privileged agent, remember it will perform network calls to the provider and could consume account credits. If any of these behaviours are unacceptable, do not install or run until you audit the client implementation and verify the provider.

Like a lobster shell, security has layers — review code before you run it.

latestvk976x54h3a6sva5v90z8tc8k6d82a89b

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments