ClawHub

Hydraulic Crush Video

v0.1.0

Generate vertical hydraulic-press crushing shorts (WeryAI): text or object image to flatten/burst motion—destruction aesthetics and material contrast for sho...

0· 81·0 current·1 all-time
byparallel world@zoucdr
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (hydraulic crush videos) align with the included script and declared requirements: Node.js 18+ and a WERYAI_API_KEY. The skill only targets WeryAI endpoints (api.weryai.com / api-growth-agent.weryai.com) and bundles an on-package CLI script that submits video-generation jobs—these are expected for this capability.
Instruction Scope
SKILL.md confines runtime actions to: expanding user prompts, requiring public https image URLs, showing a confirmation table, and calling the local script (node scripts/video_gen.js) to submit and poll WeryAI jobs. It does not instruct reading unrelated files, other environment variables, or transmitting data to third-party endpoints beyond the documented WeryAI hosts.
Install Mechanism
No install spec (instruction-only) and the included JS file runs under Node; there are no remote downloads or archive extracts. The script is local to the skill package and has no build/install step that would pull arbitrary code from external URLs.
Credentials
Only a single credential is required: WERYAI_API_KEY, which is declared as primaryEnv and is the only env var the script reads. That key is proportionate to the stated purpose of calling WeryAI's API. No unrelated secrets or config paths are requested.
Persistence & Privilege
Skill is not always-on (always:false) and is user-invocable; it does not request elevated persistence or modify other skill/system configurations. Autonomous invocation is allowed (platform default) but not combined with other concerning privileges.
Assessment
This package appears coherent, but review these practical points before installing: (1) Keep your WERYAI_API_KEY secret and only provide it if you trust WeryAI and this skill. (2) The script will create paid generation tasks — confirm billing/credit impact before running. (3) Inputs must be public https image URLs (no local files). (4) Review scripts/video_gen.js yourself (it calls api.weryai.com and api-growth-agent.weryai.com) and run the skill in an isolated environment or throwaway account if you're unsure. (5) Confirm the expanded prompt with users before submitting (the SKILL.md mandates this) to avoid accidental or unsafe content generation. (6) Consider revoking the API key if you later suspect misuse.
scripts/video_gen.js:455
Environment variable access combined with network send.
Confirmed safe by external scanners
Static analysis detected API credential-access patterns, but both VirusTotal and OpenClaw confirmed this skill is safe. These patterns are common in legitimate API integration skills.

Like a lobster shell, security has layers — review code before you run it.

latestvk976qeh3r31m3qptfq472c653x83byy3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔧 Clawdis
Binsnode
EnvWERYAI_API_KEY
Primary envWERYAI_API_KEY

Comments