Scan Report
5 /100
ai-video-generator
AI视频生成技能,支持Luma Dream Machine、Runway ML、Kling AI等平台
Legitimate AI video generation skill with proper API integration and no malicious behavior detected.
Safe to install
Skill is safe to use. No security concerns identified.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ_WRITE | READ_WRITE | ✓ Aligned | Input image reads and output video writes are necessary for video generation fea… |
| Network | READ | READ | ✓ Aligned | API calls to luma/runway/kling endpoints for video generation |
| Environment | READ | READ | ✓ Aligned | LUMA_API_KEY, RUNWAY_API_KEY, KLING_API_KEY - only used for authentication |
| Shell | NONE | NONE | — | No shell execution in code |
6 findings
Medium External URL 外部 URL
https://docs.lumalabs.ai SKILL.md:50 Medium External URL 外部 URL
https://docs.runwayml.com SKILL.md:51 Medium External URL 外部 URL
https://klingai.com SKILL.md:52 Medium External URL 外部 URL
https://api.lumalabs.ai/dream-machine/v1/generations scripts/generate_video.py:54 Medium External URL 外部 URL
https://api.runwayml.com/v1/generations/video scripts/generate_video.py:142 Medium External URL 外部 URL
https://api.klingai.com/v1/videos scripts/generate_video.py:214 File Tree
2 files · 12.8 KB · 395 lines Python 1f · 305L
Markdown 1f · 90L
├─
▾
scripts
│ └─
generate_video.py
Python
└─
SKILL.md
Markdown
Security Positives
✓ Uses only Python standard library (urllib.request, json, argparse) - no external dependencies
✓ API keys are used solely for authentication with legitimate AI platforms
✓ No shell execution, subprocess, or os.system calls
✓ No credential exfiltration or data theft patterns
✓ Filesystem access (image read, video write) is necessary and declared
✓ No obfuscation, base64 execution, or anti-analysis techniques
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ Clean code with no hidden functionality