Video Generator | 视频生成器
ReviewAudited by ClawScan on May 18, 2026.
Overview
This video-generation skill appears purpose-aligned, but its install instructions point to inconsistent external packages/repos while asking users to provide cloud API keys.
Review the install instructions before use and choose only one trusted, pinned source. Use limited-scope API keys, expect paid provider usage, and confirm before the agent runs local commands or sends script content to TTS/ASR providers.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could install and execute a different or changing project than the one advertised, which is especially important because the tool uses cloud API credentials.
This install path and package name differ from the registry/homepage and README references to openclaw-video-generator, and the git clone is unpinned. That makes it unclear which external code the user or agent is intended to install and run.
git clone https://github.com/ZhenRobotics/openclaw-video.git ~/openclaw-video ... npm install -g openclaw-video
Use one clearly identified package/repository, pin the exact version or commit for all install paths, and remove outdated conflicting install instructions.
The skill may use paid cloud services and credentials that can incur cost or expose account access if over-scoped.
The skill documents provider credentials for TTS/ASR services. This is purpose-aligned, but these are account credentials and the registry metadata separately says no required environment variables.
requires:\n api_keys:\n - name: OPENAI_API_KEY ... - name: ALIYUN_ACCESS_KEY_SECRET ... - name: TENCENT_SECRET_KEY
Provide least-privilege provider keys where possible, monitor usage and billing, and avoid using broad cloud account keys unless necessary.
If user text is inserted into a shell command unsafely, special characters in the script could cause command errors or unintended shell behavior.
The agent is instructed to run local shell commands with user-provided script text as an argument. Running the video-generation CLI is purpose-aligned, but direct interpolation needs careful quoting and user confirmation.
~/openclaw-video/generate-for-openclaw.sh "user's script content"
Prefer passing script content through a temporary file or a safely escaped argument, and confirm before running local generation commands.
The agent may treat ordinary script-like text as a request to generate a video.
The skill uses broad auto-trigger language. This is related to its purpose, but could cause the agent to invoke the skill for ambiguous text unless it checks user intent.
**AUTO-TRIGGER** when user's message contains ... Provides text that looks like a video script ... **TRIGGER EXAMPLES** (always use this skill for these)
Ask for confirmation when the user has not clearly requested video generation, especially before running commands or using paid APIs.