ClawHub

Hidden Truth Reveal Video Gen

v1.0.0

Create vertical reveal shorts: polished product vs harsh origin, one-line verdict, timed English captions (WeryAI). Use for supply-chain shock, contrast edit...

0· 93·0 current·1 all-time
byparallel world@zoucdr
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description: video short generation (reveal/contrast) — declared requirements (node, WERYAI_API_KEY) and the included CLI (scripts/video_gen.js) all align with that purpose. Required binaries and env var are proportional and expected for a client that talks to WeryAI.
Instruction Scope
SKILL.md instructs the agent to expand prompts, confirm with the user, and run the included Node CLI which sends prompts/images to WeryAI. The instructions do not request unrelated files, credentials, or system state beyond the declared WERYAI_API_KEY and Node runtime. They explicitly document API hosts used.
Install Mechanism
No install spec (instruction-only) but the skill bundles an executable script (video_gen.js). That is low-risk compared with arbitrary downloads, but installing/running the included script will execute code locally and make outbound HTTPS requests to api.weryai.com and api-growth-agent.weryai.com — verify you trust those endpoints and review the shipped script before running.
Credentials
Only a single credential is required (WERYAI_API_KEY) and it is used as the bearer token for the documented API hosts. No unrelated secrets or config paths are requested.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide persistence or modify other skills. It uses ordinary autonomous invocation (platform default), which is expected for a runnable skill.
Assessment
This skill appears coherent: it runs a bundled Node script that submits prompts and (https) image URLs to WeryAI using your WERYAI_API_KEY. Before installing/using: (1) review scripts/video_gen.js yourself (it will be executed locally) and confirm the two API hosts match your expectations; (2) use an API key with limited scope/credits if possible and never commit the key in source; (3) run in an isolated environment if you are concerned about untrusted code; (4) avoid sending private PII or proprietary images to the external service; (5) confirm WeryAI’s terms/privacy and check credit usage and rate limits because each generation consumes credits. The skill source/homepage is unknown — that increases supply-chain risk; if you need stronger assurance, ask the publisher for provenance or use an official client from a known vendor.
scripts/video_gen.js:467
Environment variable access combined with network send.
Confirmed safe by external scanners
Static analysis detected API credential-access patterns, but both VirusTotal and OpenClaw confirmed this skill is safe. These patterns are common in legitimate API integration skills.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c048fzfejtxw9jmsvjm5m2s83bv9e

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

👁️ Clawdis
Binsnode
EnvWERYAI_API_KEY
Primary envWERYAI_API_KEY

Comments