ClawHub

WeryAI video tool — anime replace

v1.0.2

Replace or move an element in an existing HTTPS video with WeryAI anime-style processing (video-anime-replace). Use when the user wants anime-style object re...

0· 84·0 current·0 all-time
byparallel world@zoucdr
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the required items: the skill needs Node and a single WERYAI_API_KEY to call WeryAI's video-anime-replace endpoint. There are no unrelated credentials or binaries requested.
Instruction Scope
SKILL.md and the CLI script consistently restrict inputs to public https:// video and image URLs, instruct the user not to pass local file paths, and require explicit user confirmation before paid submit/wait. The runtime instructions stay within the declared workflow.
Install Mechanism
There is no install spec (instruction-only for the platform). The only runtime dependency is Node (declared). The shipped runnable script is included in the repo; there are no downloads or archive extraction steps.
Credentials
Only WERYAI_API_KEY is required and used by the script. The SKILL.md and script both state they read only that env var and avoid other environment/config access. This is proportionate to the stated purpose.
Persistence & Privilege
always is false and the skill doesn't request persistent or elevated platform privileges. It does network calls to the declared WeryAI API (expected for this use).
Assessment
This skill appears to be what it says: a small Node CLI that calls WeryAI's video-anime-replace API using a single API key and public HTTPS URLs. Before installing/using: (1) verify the WERYAI_API_KEY you provide is scoped and billed appropriately (runs are paid); (2) confirm the video_url and image_url are public HTTPS links and that you want those assets sent to the third-party API; (3) inspect the included scripts locally (scripts/video_anime_replace.js) to be sure you are comfortable running them; (4) avoid using your broad or production API keys — use a key with limited scope or test account if possible; (5) ensure there are no extra sibling scripts in your copy (SKILL.md warns about other out-of-scope files) before running. Nothing in the package indicates hidden endpoints, unrelated credential access, or filesystem exfiltration.
scripts/video_anime_replace.js:153
Environment variable access combined with network send.
Confirmed safe by external scanners
Static analysis detected API credential-access patterns, but both VirusTotal and OpenClaw confirmed this skill is safe. These patterns are common in legitimate API integration skills.

Like a lobster shell, security has layers — review code before you run it.

latestvk974pk6rrmmm4jdgydgbd9309x83gs5r

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎨 Clawdis
Binsnode
EnvWERYAI_API_KEY
Primary envWERYAI_API_KEY

Comments