← Back to Skills Marketplace
Video Editing Agent (VEA)
by
shawnshenopeninterx
· GitHub ↗
· v1.1.2
632
Downloads
1
Stars
1
Active Installs
4
Versions
Install in OpenClaw
/install vea
Description
Video Editing Agent (VEA) for automated video processing, highlight generation, and editing. Use when asked to index videos, create highlight reels, generate...
Usage Guidance
This skill appears to be a legitimate video-editing service but contains several red flags you should address before installing: (1) The registry only lists MEMORIES_API_KEY, yet the code and docs require Google, ElevenLabs, and Soundstripe API keys plus possible GCP auth—verify whether you need to supply all of them. (2) The install instructions include running a remote install script (curl | sh); avoid blindly running it—review the script or install dependencies via trusted package managers. (3) The service uploads frames/text to external providers (Memories.ai, ElevenLabs, Soundstripe); confirm you are comfortable sharing video content and transcripts with these services and check their privacy/TOS. (4) Inspect the GitHub repo/source (pin a commit or release) and review src/app.py (not included here) for unexpected network calls or secrets exfiltration. (5) Run the skill in an isolated environment (VM/container) and keep API keys limited (scoped, revocable). If you need help auditing specific files (e.g., src/app.py) or verifying the remote installer script, provide them and I can analyze further.
Capability Analysis
Type: OpenClaw Skill
Name: vea
Version: 1.1.2
The skill is classified as suspicious primarily due to the use of `curl -LsSf https://astral.sh/uv/install.sh | sh` in `SKILL.md` for installing the `uv` package manager. While a common installation method for legitimate tools, this practice executes arbitrary remote code, posing a significant supply chain risk if the remote server were compromised. Additionally, `SKILL.md` instructs the agent to perform `gcloud auth application-default login`, granting sensitive access to Google Cloud resources, and API keys are stored locally and loaded into environment variables, which is a standard but vulnerable practice. There is no evidence of intentional malicious behavior like data exfiltration to unauthorized endpoints or stealthy backdoors.
Capability Assessment
Purpose & Capability
The declared registry requirements list only MEMORIES_API_KEY and ffmpeg, but the SKILL.md and included files clearly require multiple other API keys (GOOGLE_API_KEY, ELEVENLABS_API_KEY, SOUNDSTRIPE_KEY) and GCP auth for full functionality. That mismatch between what's declared and what's actually needed is incoherent.
Instruction Scope
Runtime instructions instruct cloning a GitHub repo, running a remote installer (curl | sh), running gcloud auth, starting a local server, and sending video frames/text to external services (Memories.ai, ElevenLabs, Soundstripe). The instructions also expect you to store API keys in a local config.json which the scripts read. Those steps transmit user data outside the local machine and go beyond simple local ffmpeg processing.
Install Mechanism
Although the registry lists 'instruction-only', SKILL.md recommends running curl -LsSf https://astral.sh/uv/install.sh | sh to install the 'uv' package manager. Executing a remote install script is higher-risk than using a curated package and should be reviewed or replaced with a pinned release. Git cloning from GitHub is normal but no release pinning is recommended.
Credentials
Registry metadata declares only MEMORIES_API_KEY as required, but the config schema and scripts require/consume GOOGLE_API_KEY, ELEVENLABS_API_KEY, SOUNDSTRIPE_KEY, and possibly GCP credentials. Requiring multiple unrelated third‑party credentials (and loading them into env vars via config.json) is disproportionate to a simple local ffmpeg-based editor and increases data-exposure risk.
Persistence & Privilege
The skill does not request always: true and does not modify other skills. It runs a local server (localhost:8000), creates tmux/nohup processes and writes outputs/logs under ~/vea and /tmp. Running a persistent local server is expected for this functionality but increases blast radius if API keys or incoming requests are misconfigured.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install vea - After installation, invoke the skill by name or use
/vea - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.2
Made MEMORIES_API_KEY required (video indexing & comprehension). Reordered API keys table.
v1.1.1
Translated all Chinese text to English
v1.1.0
Added open-source installation instructions from GitHub repo (Memories-ai-labs/vea-open-source), FFmpeg setup for all platforms, and paper link.
v1.0.0
Initial release: AI-powered video editing agent for highlight reels, narration, subtitles, and music. Requires local VEA server and Gemini API key.
Metadata
Frequently Asked Questions
What is Video Editing Agent (VEA)?
Video Editing Agent (VEA) for automated video processing, highlight generation, and editing. Use when asked to index videos, create highlight reels, generate... It is an AI Agent Skill for Claude Code / OpenClaw, with 632 downloads so far.
How do I install Video Editing Agent (VEA)?
Run "/install vea" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Video Editing Agent (VEA) free?
Yes, Video Editing Agent (VEA) is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Video Editing Agent (VEA) support?
Video Editing Agent (VEA) is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Video Editing Agent (VEA)?
It is built and maintained by shawnshenopeninterx (@shawnshenopeninterx); the current version is v1.1.2.
More Skills