NVIDIA AV1 Video Compressor
ReviewAudited by ClawScan on May 14, 2026.
Overview
The skill mostly matches its video-compression purpose, but it should be reviewed because it can automatically install an unpinned Python package at runtime and can run batch compression without an in-script confirmation step.
Before installing, be aware that this tool runs local FFmpeg/NVIDIA commands on your selected video directory and may automatically install the tqdm Python package if it is missing. Prefer installing dependencies yourself from a trusted source, run a small test compression first, and verify output location and quality before allowing a full batch job.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill may install external code before compressing videos, which creates supply-chain and environment-change risk even though the package is a normal progress-bar dependency.
The script automatically downloads and installs an unpinned dependency from an external package index at runtime if tqdm is missing. This modifies the user's Python environment and can execute third-party package code outside a declared install step.
except ImportError:
print("正在安装依赖库 tqdm...")
subprocess.run([sys.executable, "-m", "pip", "install", "tqdm", "-i", "https://pypi.tuna.tsinghua.edu.cn/simple"], capture_output=True)Move dependency installation to a declared install step or requirements-based setup, pin the package version, and prompt the user before installing anything at runtime.
If invoked too broadly, the skill can spend significant time and disk space creating compressed copies of videos without another in-script confirmation.
The agent-facing compression action always invokes the compression script in non-interactive mode and may run for up to an hour. This is consistent with batch video compression, but it relies on the agent/user to approve scope before execution.
# 非交互模式
cmd.append("--no-confirm")
...
proc = subprocess.run(cmd, capture_output=True, text=True, timeout=3600)Use test mode first, confirm the exact input and output directories, and only allow full compression after checking sample output quality.