ClawHub

Glass Cut Video

v0.1.3

Generate satisfying vertical short videos of glass cutting and shattering (WeryAI): text-to-video or animate a glass photo into cuts, crack spread, and break...

0· 86·0 current·1 all-time
byparallel world@zoucdr
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binaries (node), primaryEnv (WERYAI_API_KEY), and the included script (video_gen.js) all directly align with a simple cloud video-generation task. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md describes prompt expansion, user confirmation, and exactly how to run the included CLI (node scripts/video_gen.js). It instructs use of public https image URLs, warns about secrets, and limits reads to WERYAI_API_KEY. It does not request unrelated files, system state, or extra credentials.
Install Mechanism
There is no install spec (instruction-only), and the single included JS file is a straightforward Node CLI. No downloads from arbitrary URLs, no archives or nonstandard install paths.
Credentials
Only WERYAI_API_KEY is required and is justified as the API key for WeryAI. The SKILL.md and script consistently state that only that env var is read. No other secrets, keys, or unrelated env vars are requested.
Persistence & Privilege
always:false (default) and user-invocable:true. The skill does not request permanent platform presence or modify other skills/configs. Autonomous invocation is allowed by default but is not combined with other red flags here.
Assessment
This skill appears internally consistent, but before installing: (1) only set WERYAI_API_KEY if you trust WeryAI and the skill source; never embed the key in code or repos, (2) review scripts/video_gen.js yourself (it will be executed under Node) and verify the API hosts (https://api.weryai.com and https://api-growth-agent.weryai.com) are acceptable, (3) prefer running in an isolated account or container because each run consumes paid credits, (4) ensure image inputs are public https URLs as required, and (5) consider content policy and copyright implications of generated videos.
scripts/video_gen.js:455
Environment variable access combined with network send.
Confirmed safe by external scanners
Static analysis detected API credential-access patterns, but both VirusTotal and OpenClaw confirmed this skill is safe. These patterns are common in legitimate API integration skills.

Like a lobster shell, security has layers — review code before you run it.

latestvk9781e95ay5n1kgkez9db688d983a1ws

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🪟 Clawdis
Binsnode
EnvWERYAI_API_KEY
Primary envWERYAI_API_KEY

Comments