videoclaw@3.0.0-alpha.2

Agent-friendly multi-provider AI video CLI (Veo, Seedance, Runway, Omni Flash) with on-disk JSON artifacts, approval gates, storyboard review UI, and portfolio ops. v3 — narrow, deterministic, agent-target CLI.

Static Scan Results

scanned 3d ago · by rust-scanner

Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcess, Crypto, EnvironmentVars, Filesystem, NativeBindings, Network, Shell
Supply chain
HighEntropyStrings, UrlStrings
Manifest
NoLicense
scanned 554 file(s), 5.09 MB of source, external domains: api.apiz.ai, api.elevenlabs.io, api.kie.ai, api.magnific.com, api.openai.com, api.useapi.net, api.xskill.ai, fonts.googleapis.com, fonts.gstatic.com, generativelanguage.googleapis.com, gobananasai.com, httpbin.org, kie.ai, metadata.google.internal, uguu.se, useapi.net, www.w3.org, www.xskill.ai

Source & flagged code

1 flagged
dist/video/audio-platform/native-lyria.js
7*
L8: * POST https://{REGION}-aiplatform.googleapis.com/v1/projects/{PROJECT}/
L9: * locations/{REGION}/publishers/google/models/{MODEL}:predict
L10: * Authorization: Bearer <token>
L11: * Body: { instances: [{ prompt: string }], parameters: { sampleCount: 1 } }
L12: * Response: { predictions: [{ bytesBase64Encoded: string (WAV), mimeType }] }
L13: *
...
L27: import { dirname } from 'node:path';
L28: import { execFile } from 'node:child_process';
L29: import { promisify } from 'node:util';
...
L86: try {
L87: const metaResp = await fetcher('http://metadata.google.[redacted]-accounts/default/token', { headers: { 'Metadata-Flavor': 'Google' } });
High
Cloud Metadata Access

Source reaches cloud instance metadata or link-local credential endpoints.

dist/video/audio-platform/native-lyria.js · L7

Findings

1 High, 3 Medium, 6 Low

High: Cloud Metadata Access (dist/video/audio-platform/native-lyria.js)
Medium: Network
Medium: Environment Vars
Medium: Structural Risk Force Deep Review
Low: Non Install Lifecycle Scripts
Low: Scripts Present
Low: Filesystem
Low: High Entropy Strings
Low: Url Strings
Low: No License