steampunk-transform-video-gen-seedance2-0

This skill appears to be a legitimate Node.js wrapper for WeryAI video generation, but take these precautions before installing or using it: - Review scripts/video_gen.js yourself (or ask a trusted reviewer). The script will read any local image path you pass and upload it to WeryAI using your WERYAI_API_KEY; do not provide local file paths unless you explicitly consent and have verified the script behavior. - Follow the SKILL.md instruction to require explicit confirmation showing the full expanded prompt and ensure the model field is set to SEEDANCE_2_0. The script itself does not enforce that model allowlist — accidental use of other model keys is possible if the agent or operator supplies them. - Treat WERYAI_API_KEY as a secret. Use a scoped or short-lived key if possible, and run generation from an isolated account/container for sensitive content. - Prefer supplying public https image URLs (the script enforces that for remote images). If you must use a local file, verify the filename and that it is intended for upload. - If you want stronger safeguards, modify the script to: (1) enforce model === "SEEDANCE_2_0" at runtime, and (2) require an explicit interactive confirmation before reading any local path (or disable local-file upload entirely). Given the documented local-file upload behavior and the model-enforcement gap, proceed only if you trust the skill source and follow the above mitigations.

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.