ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Video Script Writer

v1.0.1

短视频脚本生成、分镜设计、口播稿撰写、爆款公式套用。适合短视频创作者、MCN、品牌方。

0· 99·1 current·1 all-time
by@275254cl-hash
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's name, description, SKILL.md content, and the included tools/generate_script.py all align with a video script / storyboard generator — the functional capability matches the stated purpose. However, the registry metadata and SKILL.md metadata declare 'node' as a required binary while the shipped implementation is a Python script. Requiring Node is not justified by the provided files and looks like a packaging or metadata error (or possible omission of additional Node-based components).
Instruction Scope
The SKILL.md runtime instructions and examples are limited to generating scripts, structures, hooks, and tips; they do not instruct the agent to read arbitrary files, access environment variables, or send data to external endpoints. The included Python tool similarly operates entirely locally and prints output — no network, credential, or file-exfiltration behavior is present in the code.
Install Mechanism
There is no install specification (instruction-only skill with one bundled script). Nothing in the package downloads or executes remote content. This is low-risk from an install mechanism perspective.
Credentials
The skill does not request any environment variables, credentials, or config paths. The only anomalous environment-related claim is the required binary 'node' which is not used by the included Python script; otherwise no excessive credential access is requested.
Persistence & Privilege
The skill does not request 'always: true' and uses default autonomy settings. Autonomous invocation is allowed (platform default) but is not combined with broad credentials or other concerning privileges here.
What to consider before installing
This skill's functionality (generating short-video scripts) appears coherent and the Python script is simple and offline — low technical risk by itself. However, the package metadata claims 'node' is a required binary while the shipped tool is a Python script; that mismatch is unexplained and could indicate a packaging mistake or missing components. Before installing or enabling the skill: 1) Ask the publisher why Node is required and whether additional Node code will be installed or run. 2) Inspect the skill contents yourself (you already have the generate_script.py; run it in a sandbox) and confirm no hidden install steps. 3) Ensure your environment will run the included Python script (it requires python3), or request corrected metadata. If you cannot get an explanation, treat the skill as untrusted and test it in an isolated environment (sandbox/VM) rather than your primary workspace.

Like a lobster shell, security has layers — review code before you run it.

latestvk974tv6w0k973gkc3t48192tgx83ra9a

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎬 Clawdis
Binsnode

Comments