Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
nation-resilience-hook-video-gen
v1.0.0
Create vertical nation-resilience hooks with timed English on-screen text (WeryAI): map flashes, resource–geography–defense beats, risk twist. Use for geopol...
by parallel world @zoucdr
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (short vertical geopolitics hooks) align with required items: Node.js runtime, a single WERYAI_API_KEY, and a CLI script that calls WeryAI video APIs. Required binaries and env vars are proportional to the stated video-generation purpose.
Instruction Scope
SKILL.md constrains the agent to build a locked prompt timeline, obtain user confirmation, and call node scripts/video_gen.js. It explicitly discloses local-file handling: if a non-HTTPS image path is provided the script will read the file and upload it to WeryAI. That file-read + upload behavior is within the scope of a video-generator but is sensitive—SKILL.md requires explicit user consent before local read-and-upload.
Install Mechanism
No install spec or external downloads are present; the package is instruction-only with a bundled Node.js script. There are no downloads from untrusted URLs or extract/install steps in the manifest.
Credentials
Only WERYAI_API_KEY is requested and declared as the primary credential. The SKILL.md and script only read that key for authenticated calls to WeryAI endpoints (generation, models, upload-file). No unrelated secrets or multiple credentials are requested.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request permanent system-wide privileges or modify other skills. Autonomous invocation is allowed (platform default) but not combined with other concerning privileges here.
Assessment
This package appears coherent for generating short geopolitics videos via WeryAI. Before installing or running it: (1) Review scripts/video_gen.js yourself if you plan to allow local image paths — the script will read local files and POST them to https://api-growth-agent.weryai.com/growthai/v1/generation/upload-file using your WERYAI_API_KEY. Only give local paths after explicit consent. (2) Use a short-lived or isolated API key and do not commit the key to source control. (3) Prefer supplying public https:// image URLs so no local upload is needed. (4) Confirm the expanded prompt and timeline in the confirmation step as required by SKILL.md (it will submit the full prompt to the third-party API). (5) Be mindful of content-policy risks — the skill warns to avoid calls to violence or hate but you are responsible for user-provided prompts. If you need higher assurance, inspect the full script and test in an isolated environment before production use.
scripts/video_gen.js:675
Environment variable access combined with network send.
scripts/video_gen.js:223
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers — review code before you run it.
latest vk97ftsk5acp2ydr5bsn237mcd183d6z1
Runtime requirements
🗺️ Clawdis
Bins: node
Env: WERYAI_API_KEY
Primary env: WERYAI_API_KEY
