Build and execute skills.video image generation REST requests from OpenAPI specs. Use when user needs to create, debug, or document image generation calls on...
Security Analysis
high confidenceThe skill's requirements, scripts, and runtime instructions are coherent with an image-generation REST helper for skills.video and request only the single API key and standard tools they need.
The skill name/description (image generation helper for skills.video) matches the declared requirements: SKILLS_VIDEO_API_KEY as the primary credential, python3 and curl as required binaries, and scripts that build/inspect OpenAPI payloads and call the skills.video endpoints. There are no unrelated credentials or binaries requested.
SKILL.md and bundled scripts instruct the agent to read OpenAPI/docs JSON files, construct request payloads, open SSE connections to skills.video endpoints, and fall back to polling. This scope is appropriate for an OpenAPI-driven image-generation helper. Note: the scripts accept arbitrary openapi.json/docs.json paths and endpoints (expected for this tool). Also the inspect_openapi.py appears to contain a small coding bug (an undefined variable 'pr' when assigning a field description) which may cause runtime failures — this is a functionality issue, not an obvious malicious behavior.
No install spec is present (instruction-only install), so nothing is downloaded or installed at install time. The skill includes Python scripts that will run locally; that's expected for a python-based helper. No network downloads, obscure URLs, or archive extraction are present in the package.
The only environment variable required is SKILLS_VIDEO_API_KEY (declared as primaryEnv) which is appropriate for a bearer-auth REST client. The scripts and README reference only that key; no unrelated secrets (AWS, GCP, etc.) are requested.
always is false and the skill does not request persistent system-wide privileges. It suggests stateDirs (~/.openclaw) for storing state but does not attempt to modify other skills or system credentials. Agent autonomous invocation is allowed (default) but not combined with elevated privileges.
Guidance
This skill is internally consistent for calling skills.video image-generation APIs and asks only for the SKILLS_VIDEO_API_KEY and standard tools (python3, curl). Before installing: 1) Confirm you trust the skills.video service and the skill's source (homepage and repository links are present). 2) Store SKILLS_VIDEO_API_KEY securely (environment or platform secrets) and avoid hardcoding it; be mindful that the scripts print and log events which may include generation IDs and messages but do not appear to exfiltrate the key. 3) Review the included scripts if you have concerns about logging or network targets — they default to https://open.skills.video/api/v1 but accept alternate base_url/endpoint arguments. 4) Be aware of a minor bug in inspect_openapi.py (undefined variable 'pr') which may cause failures when summarizing field descriptions; consider reviewing/fixing that file if you plan to use the OpenAPI inspection features. 5) If you allow autonomous agent invocation, remember the agent could run these scripts which will make outbound requests to skills.video using your API key; restrict or audit key scope and monitor usage if needed.
Latest Release
v1.0.3
- Added MIT license information. - Included author, supported operating systems, and required binaries in metadata. - Expanded CLI help and configuration guidance in metadata. - Linked to repository and homepage in metadata. - No code changes; documentation and metadata enhancements only.
Popular Skills
Published by @skills-video on ClawHub
