ClawHub

WeryAI video tool — magic style

v1.0.0

Apply WeryAI magic style transfer to an existing HTTPS video (video-magic). Use when the user wants preset visual restyling of a video URL, not text-to-video.

0· 95·0 current·0 all-time
byparallel world@zoucdr
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description request Node and WERYAI_API_KEY only, matching a client that calls an external WeryAI video-magic API. No unrelated credentials, binaries, or paths are requested.
Instruction Scope
SKILL.md instructs running the included Node CLI script against a public https:// video_url, mandates a pre-submit confirmation, and explicitly disallows local-file uploads or other sibling scripts. The included script validates https URLs, reads only process.env.WERYAI_API_KEY, and performs network calls to api.weryai.com for submit/status — behavior matches the doc.
Install Mechanism
No install spec; it's run directly with Node (Node 18+). No downloads or archive extraction are present, so nothing is written to disk by an installer beyond running the shipped script.
Credentials
Only WERYAI_API_KEY is required and is the primary credential. The script reads that env var and does not reference other secrets or config paths in the visible code, which is proportionate for a remote API client.
Persistence & Privilege
Skill does not request 'always: true'. It does not claim to modify other skills or system settings; it is a one-off client CLI that requires user invocation and a confirmed submit step.
Assessment
This package appears coherent and limited in scope, but before installing or running: 1) verify the WERYAI_API_KEY is a valid key for the expected service and only provide that key (do not set unrelated credentials). 2) Confirm the video URL and chosen style before using the 'submit' action (the skill itself warns this is a paid, non-idempotent run). 3) Because the source/homepage is unknown, inspect the shipped script (scripts/video_magic_style.js) locally to confirm there are no unexpected endpoints or behaviors before running. 4) Avoid running any sibling scripts that may be present in a mixed repo copy — the SKILL.md explicitly warns they may be out-of-scope.
scripts/video_magic_style.js:149
Environment variable access combined with network send.
Confirmed safe by external scanners
Static analysis detected API credential-access patterns, but both VirusTotal and OpenClaw confirmed this skill is safe. These patterns are common in legitimate API integration skills.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Clawdis
Binsnode
EnvWERYAI_API_KEY
Primary envWERYAI_API_KEY
latestvk97cjymt1nk0zys7krss1eabk583hvw8
95downloads
0stars
1versions
Updated 3w ago
v1.0.0
MIT-0
parallel world@zoucdr
latest
Download

WeryAI video tool — magic style

This skill is self-contained: it documents and runs only the magic-style workflow on an existing video given by URL. It is not text-to-video or image-to-video generation from scratch.

Entry script: scripts/video_magic_style.js (alongside this SKILL.md).

Runtime: WERYAI_API_KEY, Node.js 18+.

Inputs: video_url must be a public https:// URL. This script does not read local files and does not perform upload-file flows.

What this package ships (verify before trust)

Canonical layout for this skill only:

  • SKILL.md, eval.yaml
  • scripts/video_magic_style.js (the only runnable script in scope)

If your copy also contains scripts/video_gen.js, scripts/video_toolkits.js, references/WERYAI_VIDEO_API.md, or other CLIs, those files are not part of this skill’s contract — they may come from another repo sync or an over-broad install. Do not run them when you only want magic-style; remove them or reinstall from a clean source. Inspect what you run: node scripts/video_magic_style.js spec.

Other tools (multi-endpoint CLIs, local-file upload to growth/upload-file APIs, extra environment variables in those CLIs) are out of scope for this package. This skill’s script uses only WERYAI_API_KEY and public https:// URLs.

API surface (this tool only)

  • Required: video_url (public https:// URL)
  • Optional: video_stylerealistic_2, anime_style_3, anime_style_4
  • Default: video_style=anime_style_3

From this skill root, run node scripts/video_magic_style.js spec to print the full tool schema (endpoint, required fields, defaults, enums) as JSON.

Pre-submit gate (mandatory)

Do not run submit / wait until the user explicitly confirms the video URL and any non-default video_style. Paid runs are not idempotent.

Workflow

Prefer --dry-run to validate JSON. Use wait to submit and poll until the task finishes; use submit only when the user wants a task_id without blocking, then status for later checks. Share final URLs as Markdown links [Video](https://…).

CLI

From this skill root:

node scripts/video_magic_style.js wait \
  --json '{"video_url":"https://example.com/video.mp4"}'

node scripts/video_magic_style.js submit \
  --json '{"video_url":"https://example.com/video.mp4","video_style":"anime_style_3"}'

node scripts/video_magic_style.js status --task-id <task-id>

Dry-run:

node scripts/video_magic_style.js wait \
  --json '{"video_url":"https://example.com/video.mp4"}' \
  --dry-run

Security

Never write WERYAI_API_KEY into files. Keep only WERYAI_API_KEY set for this workflow; do not rely on undocumented env vars in sibling scripts if any were mistakenly present. The in-scope script reads only WERYAI_API_KEY (no other env keys). video_magic_style.js accepts only https:// media URLs (no disk read / no upload-file). Base URL and poll intervals are constants in the script, not env-driven.

Do not pass local filesystem paths or run tools that accept them unless you have explicitly reviewed and consented to their upload behavior — that is never required for this skill.

Out of scope

  • Anime-style object replace/move on a video (different tool and inputs)
  • New video from text prompt only

References

Comments

Loading comments...