ClawHub
Back to skill
v1.0.0

WeryAI video tool — lips change

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:08 AM.

Analysis

This skill appears to be a narrowly scoped WeryAI lip-sync tool that uses a WeryAI API key and public HTTPS media URLs, with an explicit confirmation warning before paid submissions.

GuidanceBefore installing, verify the script is the expected lips-change tool, set only the WERYAI_API_KEY needed for WeryAI, and confirm both public HTTPS media URLs before any submit or wait command because those actions may consume paid credits.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
Do **not** run `submit` / `wait` until the user explicitly confirms both URLs. Paid runs are not idempotent.

The skill can trigger paid external processing, but the artifact explicitly requires user confirmation before doing so.

User impactIf the confirmation instruction is ignored, the agent could start a paid WeryAI job with the supplied media URLs.
RecommendationConfirm both URLs and intended cost before using submit or wait; use --dry-run first when checking inputs.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceMediumStatusNote
metadata
Source: unknown; Homepage: none

The registry metadata does not provide an upstream source or homepage, reducing provenance context for the included script.

User impactYou have less external provenance to verify who maintains the skill or where the code originated.
RecommendationInspect the included script before first use and install only from a trusted registry or publisher.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
scripts/video_lips_change.js
const apiKey = (process.env.WERYAI_API_KEY || "").trim(); ... headers.Authorization = `Bearer ${apiKey}`;

The script reads the WeryAI API key from the environment and sends it as Authorization for WeryAI API calls. This is expected for the service integration, but it uses delegated account access.

User impactRunning submit or wait can use your WeryAI account and potentially consume paid credits.
RecommendationUse a WeryAI API key intended for this workflow, keep it out of files, and rotate or revoke it if you no longer trust the skill.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityInfoConfidenceHighStatusNote
SKILL.md
Inputs: `video_url` and `audio_url` must be **public `https://` URLs**. This script does not read local files and does not perform upload-file flows.

The workflow sends media URLs to an external provider. The artifact scopes this to public HTTPS URLs and says local files are not read or uploaded.

User impactAnyone using this skill should assume the referenced video and audio URLs are shared with WeryAI for processing.
RecommendationUse only media URLs you are allowed to share with WeryAI, and avoid URLs containing sensitive tokens or private content unless you accept that disclosure.