ClawHub

WeryAI video tool — extend

v1.0.0

Extend or continue an existing HTTPS video with a prompt via WeryAI (video-extend). Use when the user wants to lengthen a clip with style and duration contro...

0· 107·0 current·0 all-time
byparallel world@zoucdr
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binaries (node), and required env var (WERYAI_API_KEY) align with a CLI that calls a WeryAI video-extend API. The tool's endpoint and options in the script match the stated 'extend existing video' capability; no unrelated cloud credentials or services are requested.
Instruction Scope
SKILL.md explicitly bounds runtime actions (only node scripts/video_extend.js; only public https URLs; no local file reads or upload-file flows). The script enforces https:// URLs and reads only process.env.WERYAI_API_KEY. Instructions include a pre-submit confirmation gate and recommend dry-run. I found no instructions or code that read unrelated files, other env vars, or sent data to unexpected endpoints.
Install Mechanism
No install spec is provided (instruction-only with a bundled script). This is the lowest-risk install model. The only runtime requirement is Node.js 18+, which is reasonable for the shipped JavaScript CLI.
Credentials
Only WERYAI_API_KEY is declared and used as the primary credential; no extraneous secrets or config paths are requested. That is proportional to a service-backed video-extend tool.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It does not request persistent system privileges or claim to modify other skills. No 'always: true' or other high-privilege flags are present.
Assessment
This package appears internally consistent with its stated purpose. Before installing, verify you trust the WeryAI service and understand that API calls will use your WERYAI_API_KEY (billing/credits may apply). Confirm the video URL is a public https:// URL and do not supply local file paths. Use the provided --dry-run and the pre-submit confirmation gate to avoid accidental paid runs. Also note the skill's source/homepage is not provided in the registry entry—if provenance or vendor trust is important, prefer a skill with a known upstream repository or homepage. Finally, keep your WERYAI_API_KEY secret and do not paste it into other tools or files.
scripts/video_extend.js:151
Environment variable access combined with network send.
Confirmed safe by external scanners
Static analysis detected API credential-access patterns, but both VirusTotal and OpenClaw confirmed this skill is safe. These patterns are common in legitimate API integration skills.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dxc3b1kqk1m84t5pe7gdrrx83hjet

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis
Binsnode
EnvWERYAI_API_KEY
Primary envWERYAI_API_KEY

Comments