sora-video
Audited by Socket on Feb 28, 2026
1 alert found:
Security: This SKILL.md describes a legitimate-looking CLI skill to generate videos via the Sora model using the lnapi.com gateway. Functional capabilities and required local file access are consistent with the declared purpose. The primary security concern is that the skill forces use of a single third-party gateway (https://lnapi.com) and requires an environment API key (LNAPI_KEY); this centralizes sensitive data and credentials to that external host and is a supply-chain/credential-forwarding risk. No explicit malicious code or download-execute instructions are present in the provided SKILL.md, but the inability to review the actual scripts (scripts/main.ts) prevents a full assurance of safety. Recommend reviewing the script implementation for TLS handling, exact endpoints used, how the API key is transmitted, and whether any additional third-party installs or execs occur at runtime before trusting or deploying this skill.