medeo-video
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses API keys stored in local configuration files (~/.openclaw/openclaw.json, ~/.openclaw/workspace/medeo-video/config.json) and system environment files (/etc/openclaw-claude.env). These credentials are used solely to authenticate with the Medeo and Feishu platforms.\n- [EXTERNAL_DOWNLOADS]: The skill performs legitimate network operations to 'api.prd.medeo.app' (Medeo API) and 'open.feishu.cn' (Feishu API). It also uses 'curl' to download generated video content from Medeo's storage domain ('oss.prd.medeo.app').\n- [COMMAND_EXECUTION]: The skill utilizes subprocesses to run 'python3' scripts, 'curl' for downloads, and 'ffmpeg' for video processing. It employs 'json.dumps' to safely handle user-provided text in command arguments, mitigating shell injection risks.\n- [PROMPT_INJECTION]: The skill ingests user prompts and media URLs which are passed to the Medeo AI platform for video generation. This represents the intended functionality of the skill and is handled via standard API integration patterns.
Audit Metadata