Zyt one click video creation

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent for one-click short-video creation, but it requires trusting it with Chanjing API credentials and with sending scripts/audio/prompts to Chanjing services while running local media tools.

Before installing, confirm you trust Chanjing’s API service, verify CHANJING_API_BASE is the official endpoint you intend to use, protect ~/.chanjing/credentials.json or your configured credentials directory, and avoid submitting confidential scripts or audio unless the provider’s data practices are acceptable.

VirusTotal

41/41 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Medium
What this means

The skill can act through the configured Chanjing account and may consume API quota or affect account-managed generation tasks.

Why it was flagged

The client reads Chanjing app credentials from a local file, exchanges them for an access token, and writes token state back to the credentials file.

Skill content
CONFIG_FILE = CONFIG_DIR / "credentials.json" ... "app_id": app_id, "secret_key": secret_key ... data["access_token"] = token; write_config(data)
Recommendation

Use a dedicated Chanjing credential if possible, keep the credentials file protected, and verify CHANJING_API_BASE points to the intended official API endpoint.

ASI07: Insecure Inter-Agent Communication
Medium
What this means

Topics, scripts, prompts, voiceover audio, and generated media may be processed by Chanjing’s external services.

Why it was flagged

The skill explicitly sends generated audio and generation requests to an external provider and downloads generated media.

Skill content
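While running, it calls the Chanjing Open API, uploads segmented audio, downloads generated media, and writes intermediate files and the final mp4 to the local output directory.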
Recommendation

Do not use highly sensitive or confidential scripts unless Chanjing’s data handling terms are acceptable for your use case.

ASI05: Unexpected Code Execution
Low
What this means

The skill will run local media binaries and process downloaded/generated media on the machine where it is invoked.

Why it was flagged

The renderer executes local command-line tools such as ffmpeg and ffprobe through subprocess calls, which is central to the stated media-rendering purpose.

Skill content
r = subprocess.run(argv, capture_output=True, text=True, timeout=timeout, env={**os.environ, **(env or {})})
Recommendation

Ensure ffmpeg and ffprobe are installed from trusted sources and that the output/work directories are appropriate for generated media files.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

Users have less provenance context for who authored or maintains the bundled code and instructions.

Why it was flagged

The registry does not identify the source provenance, although there is no automatic install script in the provided artifacts.

Skill content
Source: unknown; No install spec — this is an instruction-only skill.
Recommendation

Review the bundled files and install only if you trust the ClawHub listing and the Chanjing integration it targets.