Ultimate AI Media Generator

Security checks across malware telemetry and agentic risk

Overview

This skill's behavior is consistent with its stated purpose of CyberBara image/video generation, but users should note that it stores a CyberBara API key, can spend credits after approval, uploads selected media, and auto-opens downloaded outputs.

Before installing, make sure you trust CyberBara and the referenced repository, use a dedicated API key, review credit quotes before submitting tasks, avoid uploading sensitive reference images, and use --no-open if you do not want generated files opened automatically.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Medium
What this means

Installing and using the skill gives it access to a CyberBara account key that can be used for account-backed generation requests and credit usage.

Why it was flagged

The skill uses a CyberBara API key and persists it locally, even though registry metadata does not declare a primary credential or required environment variable.

Skill content
API_KEY_ENV_VAR = "CYBERBARA_API_KEY"
API_KEY_STORE_PATH = Path.home() / ".config" / "cyberbara" / "api_key"
Recommendation

Use a dedicated CyberBara API key, keep the local cache file protected, and revoke or rotate the key if you no longer use the skill.

ASI02: Tool Misuse and Exploitation
Medium
What this means

The agent can submit paid or credit-consuming generation tasks if you approve them or allow use of --yes.

Why it was flagged

The CLI can create image/video generation tasks that may consume credits, and it includes a --yes option to bypass the confirmation prompt after approval.

Skill content
help="Quote credits, require confirmation, then create image generation task(s)." ... help="Skip interactive prompt after quote. Use only after explicit user approval."
Recommendation

Review credit quotes before generation and only allow --yes when you have explicitly approved the exact request and estimated cost.

ASI05: Unexpected Code Execution
Low
What this means

Downloaded output files from the provider may automatically launch a local viewer or associated application.

Why it was flagged

Generated media files are saved and then opened with the operating system's default file opener unless disabled.

Skill content
subprocess.Popen(["open", str(file_path)]) ... subprocess.Popen([xdg_open, str(file_path)])
Recommendation

Use --no-open when you do not want downloaded media opened automatically, especially on systems with sensitive or unusual file associations.

ASI07: Insecure Inter-Agent Communication
Low
What this means

Any reference images you choose to upload will leave your local machine and be processed by the external provider.

Why it was flagged

The skill can send local reference image files to the external CyberBara service as part of image/video generation workflows.

Skill content
upload_cmd = subparsers.add_parser("upload-images", help="Upload reference image files.")
upload_cmd.add_argument("files", nargs="+", help="Local image files to upload.")
Recommendation

Do not upload private or sensitive images unless you are comfortable sharing them with CyberBara under its terms and privacy practices.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Running the install command may fetch and install code from a remote repository; the risk depends on trusting that source.

Why it was flagged

The README recommends a user-directed npx installation from an external GitHub repository rather than a pinned install specification.

Skill content
npx skills add ZeroLu/Ultimate-AI-Media-Generator-Skill --all
Recommendation

Verify the repository and consider installing from a reviewed or pinned version before using it in sensitive environments.