ClawHub

WeryAI video tool — upscaler

v1.0.0

Upscale an existing HTTPS video via WeryAI (video-upscaler). Use when the user wants higher resolution output, not text-to-video.

0· 90·0 current·0 all-time
byparallel world@zoucdr
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description claim an upscaler; the script implements an /v1/generation/video-upscaler endpoint call to https://api.weryai.com and requires only WERYAI_API_KEY and Node.js — these are appropriate and expected for the stated purpose.
Instruction Scope
SKILL.md and the CLI usage limit inputs to a public https:// video_url and optional resolution; the script validates https URLs, reads only WERYAI_API_KEY, and documents a mandatory pre-submit confirmation for paid runs. The instructions do not request reading local files or unrelated credentials.
Install Mechanism
No install spec (instruction-only invocation plus a single JS script). Required binary is only node (Node >=18 for built-in fetch). No downloads or archive extraction are present in the package.
Credentials
Only WERYAI_API_KEY is declared and used (getApiKey reads process.env.WERYAI_API_KEY). No other env vars or credentials are required or referenced in the script. The primaryEnv is proportionate to the service integration.
Persistence & Privilege
always is false; the skill does not request permanent presence or modify other skills or system-wide settings. It does network calls to the documented API endpoint, which is expected for this workflow.
Assessment
This package appears to do exactly what it says: call WeryAI's video-upscaler for a public HTTPS video using your WERYAI_API_KEY. Before running: (1) confirm the video URL and desired resolution with the user (SKILL.md already mandates that for paid runs), (2) keep your WERYAI_API_KEY secret and avoid writing it to disk, (3) ensure you trust https://api.weryai.com and your API key’s permissions/ billing impact (this is a paid workflow), (4) run the CLI from the skill root and avoid running any sibling scripts you didn't inspect, and (5) use --dry-run first to validate JSON. If you want higher assurance, review the full script (scripts/video_upscaler.js) locally to confirm there are no additional hidden endpoints or behaviors.
scripts/video_upscaler.js:149
Environment variable access combined with network send.
Confirmed safe by external scanners
Static analysis detected API credential-access patterns, but both VirusTotal and OpenClaw confirmed this skill is safe. These patterns are common in legitimate API integration skills.

Like a lobster shell, security has layers — review code before you run it.

latestvk97506ym53gpa2fzn7hjjyhw6x83hhxd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍 Clawdis
Binsnode
EnvWERYAI_API_KEY
Primary envWERYAI_API_KEY

Comments