ClawHub

Podcast Clipper ( Subscut )

v1.0.2

Use this skill when the user wants to turn a long podcast, interview, webinar, or talking-head video into multiple short clips for TikTok, Reels, or YouTube...

1· 36·0 current·0 all-time
byArrpit Tiwari@arpittiwari24
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe a wrapper around Subscut's podcast-clipping API. The only required binaries (npm) and env vars (SUBSCUT_API_KEY, SUBSCUT_API_BASE_URL) are appropriate for calling a hosted API and running the provided Node script.
Instruction Scope
SKILL.md and the bundled script limit actions to assembling a JSON request and POSTing it to /podcast-to-clips on the configured base URL, then returning JSON results or the API error body. The instructions do not reference unrelated files, system state, or other credentials.
Install Mechanism
No install spec (instruction-only skill) and the package uses a simple npm script to run a local Node file. No downloads from arbitrary URLs or archive extraction are present.
Credentials
Only two env vars are requested: SUBSCUT_API_KEY (required) and SUBSCUT_API_BASE_URL (optional, defaulting to https://subscut.com). These match the skill's purpose. (Minor metadata note: the registry lists no primary credential while SKILL.md marks SUBSCUT_API_KEY required — this is a small metadata omission rather than a behavioral concern.)
Persistence & Privilege
Skill does not request persistent presence (always is false) and does not modify other skills or system settings. It runs on-demand via the npm entrypoint.
Assessment
This package appears to do only what it says: it sends a POST to the Subscut API with the public video URL and options, and returns the JSON response. Before installing, verify you trust Subscut to process your content and that the SUBSCUT_API_KEY you provide has limited scope and can be rotated. Confirm the SUBSCUT_API_BASE_URL is the real service (defaults to https://subscut.com) — an attacker could trick you into pointing the skill to a malicious endpoint if you override that value. Ensure your runtime Node environment supports the script (the package uses a simple npm run -> node invocation and assumes fetch is available). Finally, review and keep the skill updated from a trusted marketplace publisher; if you want stricter control, run the script manually or in a sandbox rather than granting broad agent access.
scripts/generate-podcast-clips.js:48
Environment variable access combined with network send.
Confirmed safe by external scanners
Static analysis detected API credential-access patterns, but both VirusTotal and OpenClaw confirmed this skill is safe. These patterns are common in legitimate API integration skills.

Like a lobster shell, security has layers — review code before you run it.

Plugin bundle (nix)
Skill pack · CLI binary · Config
SKILL.mdCLIConfig
Config requirements
Required envSUBSCUT_API_KEY
CLI help (from plugin)
npm run generate-podcast-clips -- --help
Options:
  --video-url <url>       Public long-form video URL to process
  --max-clips <number>    Number of clips to generate (1-10, default 5)
  --clip-style <style>    viral | clean | minimal
  --captions <boolean>    true | false
  --api-key <token>       Overrides SUBSCUT_API_KEY
  --api-base-url <url>    Overrides SUBSCUT_API_BASE_URL
latestvk9756m5krztdqcmn8n915142gx84htdw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎙️ Clawdis
Binsnpm
EnvSUBSCUT_API_KEY, SUBSCUT_API_BASE_URL

Config example

Starter config for this plugin bundle.

export SUBSCUT_API_BASE_URL="https://subscut.com"
export SUBSCUT_API_KEY="subscut_your_api_key"

Comments