ClawHub

Kinetic Sand Video

v0.1.1

Generate vertical kinetic / magic sand satisfying shorts (WeryAI): text or sand-shape image to slice, mold release, or collapse motion. Use when you need kin...

0· 85·0 current·1 all-time
byparallel world@zoucdr
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, and scripts/video_gen.js consistently implement text/image-to-video submission to WeryAI. Required binary (node) and required env (WERYAI_API_KEY) are appropriate for this task.
Instruction Scope
SKILL.md instructs prompt expansion, parameter checks, and explicit confirmation before submission. The runtime script only references the declared API hosts and reads WERYAI_API_KEY; it does not instruct reading unrelated files or environment variables.
Install Mechanism
No install spec; the skill is instruction-only with a single included Node script. No downloads from untrusted URLs or archive extraction are present.
Credentials
Only one secret (WERYAI_API_KEY) is required and declared as primaryEnv. No additional credentials, config paths, or unrelated secrets are requested.
Persistence & Privilege
always:false and no code that modifies other skills or system-wide configs. The skill does not request permanent agent presence or elevated privileges.
Assessment
This package appears coherent, but take these precautions before enabling it: 1) Verify you trust api.weryai.com and only provide a WERYAI_API_KEY if comfortable granting the service access to generate paid jobs. 2) Review scripts/video_gen.js yourself (it submits the key as a Bearer token to the documented WeryAI endpoints). 3) Do not commit the API key to source control — set it in the runtime environment or a secrets store. 4) Run initial tests in an isolated account or container since each run may consume credits. 5) Provide only HTTPS public image URLs as required and confirm the expanded prompt before submitting a generation job to avoid accidental cost. 6) Note that the agent can invoke skills autonomously by default — this is normal, but be aware of potential automated submissions if you enable autonomous behavior.
scripts/video_gen.js:455
Environment variable access combined with network send.
Confirmed safe by external scanners
Static analysis detected API credential-access patterns, but both VirusTotal and OpenClaw confirmed this skill is safe. These patterns are common in legitimate API integration skills.

Like a lobster shell, security has layers — review code before you run it.

latestvk974f9nhjms9w6b9mfmc76vzz583amzx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🏖️ Clawdis
Binsnode
EnvWERYAI_API_KEY
Primary envWERYAI_API_KEY

Comments