ffmpeg-video-editor

v1.0.0

Generate FFmpeg commands from natural language video editing requests - cut, trim, convert, compress, change aspect ratio, extract audio, and more.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (medium confidence)
Purpose & Capability
The skill's name and description match the SKILL.md content (it generates FFmpeg commands). However, the metadata does not declare the single obvious runtime dependency (the ffmpeg binary) and the source/homepage is unknown — that omission is proportionate but a little sloppy and worth noting.
Instruction Scope
SKILL.md stays on-topic: it specifies how to identify operations, extract parameters, and produce concrete ffmpeg commands. Concerns: it instructs to always include '-y' (force-overwrite) which can lead to accidental data loss if commands are executed without review, and there is no explicit guidance to sanitize/escape user-supplied filenames or validate inputs. The file appears truncated in the package; review the full instructions before trusting automated use.
Install Mechanism
Instruction-only skill with no install spec or code files — low installation risk (nothing is written to disk by the skill bundle itself).
Credentials
The skill requests no environment variables, credentials, or config paths — appropriate for a command-generation-only helper.
Persistence & Privilege
always is false and the skill is user-invocable (normal). It does not request persistent presence or system-wide config changes. Note: autonomous invocation (disable-model-invocation=false) is the platform default; if the agent is allowed to execute generated commands autonomously, combining that with '-y' could be risky — review execution policies.
Scan Findings in Context
[unicode-control-chars] unexpected: The scanner found embedded unicode control characters in SKILL.md. This is not expected for a straightforward command template file and can be used for prompt-injection or to hide text. Inspect the SKILL.md for hidden/zero-width/control characters and ensure the visible command examples match what will be used at runtime.
Assessment
This skill appears to do what it says — generate FFmpeg commands — and it requests no secrets or installs. Before installing: (1) inspect the full SKILL.md for hidden/unexpected characters (scanner found unicode-control-chars), (2) confirm that ffmpeg is available on the host (the skill assumes ffmpeg but doesn't declare it), (3) be cautious about the '-y' (overwrite) flag — if you or the agent will run commands, consider removing '-y' or requiring explicit confirmation to avoid accidental file overwrites, (4) never allow the agent to autonomously execute generated commands without human review, and (5) prefer skills with a named source/homepage or known author if you need higher trust. If you want higher assurance, ask the author to declare ffmpeg as a required binary, remove hidden control characters, and add guidance to sanitize filenames and require confirmation before destructive operations.
