fal-kling-o3
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses bash scripts (
kling-generate.sh,kling-video.sh) to executecurlcommands for interacting with the fal.ai API. These operations are restricted to the intended purpose of the skill and target well-known, legitimate endpoints. - [CREDENTIALS_UNSAFE]: The scripts include a
--add-fal-keyflag that allows users to save their API key into a.envfile. This is a standard and recommended practice for managing secrets in local development environments and does not represent an unsafe exposure. - [EXTERNAL_DOWNLOADS]: The skill performs network operations via
curltoqueue.fal.run, which is the official endpoint for the fal.ai service. These requests are used to submit generation tasks and poll for status updates, which is the core functionality of the skill.
Audit Metadata