Scan Report
5 /100
oatda-generate-video
Generate videos from text descriptions using AI models through OATDA's unified API
A legitimate video generation API skill that reads credentials from ~/.oatda/credentials.json and makes authenticated API calls to oatda.com. All functionality is declared and necessary.
Safe to install
No action needed. This skill is safe to use.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | SKILL.md:7 - reads ~/.oatda/credentials.json for API key |
| Network | READ | READ | ✓ Aligned | SKILL.md:52-58 - makes GET/POST requests to oatda.com API |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:7,52 - uses curl and jq CLI tools via inline bash |
| Environment | READ | READ | ✓ Aligned | SKILL.md:6 - reads OATDA_API_KEY env var |
3 findings
Medium External URL 外部 URL
https://oatda.com SKILL.md:4 Medium External URL 外部 URL
https://oatda.com/api/v1/llm/models?type=video SKILL.md:54 Medium External URL 外部 URL
https://oatda.com/api/v1/llm/generate-video?async=true SKILL.md:66 File Tree
1 files · 7.2 KB · 199 lines Markdown 1f · 199L
└─
SKILL.md
Markdown
Security Positives
✓ API key handling follows security best practices - never exposes full key
✓ All required permissions (filesystem, network, shell) are declared in metadata
✓ Uses standard CLI tools (curl, jq) - no custom binaries or downloads
✓ No credential harvesting beyond what's needed for the service
✓ Network requests are limited to legitimate service domain (oatda.com)
✓ No obfuscation, base64 encoding, or hidden commands
✓ Error handling covers auth failures (401) and rate limits (429)