Audio Mastering CLI
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: audio-mastering-cli Version: 1.0.2 The skill is designed for audio mastering using `ffmpeg` and PowerShell. It is classified as suspicious due to a critical shell injection vulnerability identified in the `SKILL.md` file. The instructions for the OpenClaw agent directly embed user-provided file paths (`<ruta-archivo>`) into `powershell` and `ffmpeg` commands without any explicit sanitization. This flaw could allow a malicious user to inject arbitrary commands, potentially leading to remote code execution if the OpenClaw agent does not robustly sanitize inputs before execution. There is no evidence of intentional malicious behavior such as data exfiltration, persistence, or obfuscation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may fail as packaged, or users may end up running a separately obtained PowerShell script whose behavior was not included in this review.
The skill’s main workflow depends on scripts/master_media.ps1, but the provided manifest contains only README.md and SKILL.md, so the referenced helper script is missing and cannot be reviewed.
powershell -ExecutionPolicy Bypass -File "{baseDir}/scripts/master_media.ps1" -InputFile "<ruta-archivo>" -MakeMp3Only install or run this skill if the referenced script is present from a trusted source and you can inspect it before use.
Running local scripts can read and write files on the machine according to the script’s behavior.
The skill intentionally runs a local PowerShell script and bypasses PowerShell execution policy. Local command execution is expected for a CLI audio-processing skill, but users should notice it.
powershell -ExecutionPolicy Bypass -File "{baseDir}/scripts/master_media.ps1"Review the script contents before running, and prefer a packaged, versioned implementation over manually supplied scripts.