← Back to Skills Marketplace
322
Downloads
0
Stars
1
Active Installs
7
Versions
Install in OpenClaw
/install varg-ai
Description
Generate AI videos, images, speech, and music using varg. Use when creating videos, animations, talking characters, slideshows, product showcases, social con...
Usage Guidance
This skill appears to do what it says, but take these precautions before installing or running anything: 1) Do not paste your API key into chat — follow the skill's advice to export it locally. 2) Inspect scripts/setup.sh and scripts/setup.ts before executing them; they are included in the bundle but not auto-run. 3) Be aware the skill will read/write ~/.varg/credentials and append to project .env (so your API key may be persisted locally); if you prefer not to persist secrets to disk, don't follow the save-credentials steps. 4) The SKILL.md fetches a remote SKILL.md from raw.githubusercontent.com and suggests `npx -y skills update` — updating via remote code can execute arbitrary code; prefer manual review or pinned packages. 5) Optional BYOK provider keys (Fal, ElevenLabs, etc.) are supported but not required; only provide those keys if you want to bill providers directly. If you want additional assurance, provide the contents of the two setup scripts for review before running them.
Capability Analysis
Type: OpenClaw Skill
Name: varg-ai
Version: 2.0.6
The varg-ai skill bundle is a legitimate tool for generating AI media (video, images, speech, and music) using the Varg AI platform. It provides comprehensive documentation and scripts (setup.sh, setup.ts) for environment detection and authentication. The skill follows security best practices by instructing the agent to avoid asking users for raw API keys in chat and instead uses a standard local credential storage mechanism (~/.varg/credentials). The use of curl for API interactions and bunx for rendering is consistent with its stated purpose, and no evidence of data exfiltration, malicious execution, or prompt injection was found.
Capability Tags
Capability Assessment
Purpose & Capability
Name/description, required VARG_API_KEY, and the either-curl-or-bun requirement align with the documented cloud (curl) and local (bun+ffmpeg) rendering modes. Optional BYOK provider keys are documented but not required, which fits the BYOK billing model described.
Instruction Scope
SKILL.md tells the agent to check for an API key, read/write ~/.varg/credentials and .env, offer an OTP-based sign-in flow (ask user for email and 6-digit code), and to submit TSX code to varg render endpoints. These actions are expected for a CLI-based media tool, but they involve prompting the user for email/OTP, parsing remote API responses, and saving secrets to disk — the agent should not request the raw API key in chat and should confirm the user performs export commands locally (the skill itself advises that).
Install Mechanism
There is no install spec (instruction-only), which minimizes automatic disk writes, but the skill bundle includes scripts (scripts/setup.sh, scripts/setup.ts). These scripts are not auto-run by the platform but increase attack surface if executed; review them before running. The SKILL.md also recommends running an external version check via raw.githubusercontent.com and suggests `npx -y skills update` (which would pull and run remote npm code) — these are legitimate for update checks but merit caution.
Credentials
Only VARG_API_KEY is listed as required (primaryEnv). The references discuss optional provider keys (FAL_KEY, ELEVENLABS_API_KEY, etc.) for BYOK usage but those are optional and explained. The skill writes credentials to ~/.varg/credentials and .env which is expected for CLI tooling but is sensitive — users should be aware that keys are persisted locally.
Persistence & Privilege
Skill does not request 'always: true' or system-wide configuration changes. It instructs saving credentials to its own ~/.varg/credentials and project .env only. The skill allows autonomous invocation by default (platform norm) but does not request elevated or cross-skill privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install varg-ai - After installation, invoke the skill by name or use
/varg-ai - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.6
Auto-published from vargHQ/skills@7f2c4a35
v2.0.5
Auto-published from vargHQ/skills@cf860e9c
v2.0.4
Auto-published from vargHQ/skills@8790ea35
v2.0.3
Auto-published from vargHQ/skills@a7f20b0e
v2.0.2
Auto-published from vargHQ/skills@a576323d
v2.0.1
Auto-published from vargHQ/skills@13daaa3d
v2.0.0
Initial publish
Metadata
Frequently Asked Questions
What is Varg Ai?
Generate AI videos, images, speech, and music using varg. Use when creating videos, animations, talking characters, slideshows, product showcases, social con... It is an AI Agent Skill for Claude Code / OpenClaw, with 322 downloads so far.
How do I install Varg Ai?
Run "/install varg-ai" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Varg Ai free?
Yes, Varg Ai is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Varg Ai support?
Varg Ai is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Varg Ai?
It is built and maintained by Alex (@securityqq); the current version is v2.0.6.
More Skills