ClawHub

WeryAI video tool — background remove

v1.0.0

Remove or replace a video background with a solid color via WeryAI (video-background-remove). Use when the user wants background removal or a flat-color back...

0· 80·0 current·0 all-time
byparallel world@zoucdr
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (background removal) aligns with required items: Node.js runtime and a single WERYAI_API_KEY. The declared endpoint (api.weryai.com/v1/generation/video-background-remove) and tool schema in the script match the stated purpose. No unrelated service credentials or binaries are requested.
Instruction Scope
SKILL.md and the entry script limit inputs to a public https:// video_url and an optional background_color. The script validates https URLs, reads process.env.WERYAI_API_KEY only, and documents a pre-submit confirmation step for paid runs. The README explicitly warns against running other sibling scripts. No instructions request reading arbitrary files, shell history, or other env vars.
Install Mechanism
There is no install spec (instruction-only with a bundled script). This minimizes install-time risk — nothing is downloaded from untrusted URLs and the only runtime dependency is Node 18+ (declared).
Credentials
Only one environment variable (WERYAI_API_KEY) is required and is appropriate for an API client. The script's getApiKey() reads only WERYAI_API_KEY and the SKILL.md explicitly warns not to rely on other env vars. No extra secrets or unrelated credentials are requested.
Persistence & Privilege
Skill does not request permanent presence (always: false). It does not modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but is not combined with other red flags here.
Assessment
This package appears to be coherent and limited to calling WeryAI's background-remove endpoint on public HTTPS video URLs. Before installing: (1) only provide a WERYAI_API_KEY you intend to use for this workflow and avoid exposing other secrets; (2) confirm any video URL with the user before submitting (SKILL.md's pre-submit gate) since runs may be paid; (3) ensure your Node.js runtime is 18+; (4) inspect the package you received to confirm it contains only the advertised files (SKILL.md and scripts/video_background_remove.js) and there aren't extra sibling scripts that accept local-file uploads; (5) if you reuse the API key elsewhere, consider using a scoped/rotated key for this skill. Based on the provided files and instructions, there are no inconsistencies suggesting hidden exfiltration or unrelated permissions.
scripts/video_background_remove.js:161
Environment variable access combined with network send.
Confirmed safe by external scanners
Static analysis detected API credential-access patterns, but both VirusTotal and OpenClaw confirmed this skill is safe. These patterns are common in legitimate API integration skills.

Like a lobster shell, security has layers — review code before you run it.

latestvk97baykh7genm1bhm0xq0kqkq983gzxc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🟩 Clawdis
Binsnode
EnvWERYAI_API_KEY
Primary envWERYAI_API_KEY

Comments