Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
After Effects MCP
v1.0.0Automates Adobe After Effects using ExtendScript (.jsx) files and aerender CLI. Supports composition creation, effect application, batch rendering, project t...
⭐ 0· 150·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The declared purpose (After Effects automation via ExtendScript and aerender) matches the included .jsx files (create_comp.jsx, batch_render.jsx) and the SKILL.md examples. However, SKILL.md and the 'Available Scripts' table reference additional scripts and asset folders (apply_effect.jsx, export_template.jsx, ae_script.jsx, assets/templates/) and reference files (effect_names.md, render_settings.md) that are not present in the manifest. Also the README suggests using 'aerender' but the registry metadata lists no required binary. These are coherency problems (missing files and an undeclared required binary), not direct evidence of malicious behavior.
Instruction Scope
Run instructions are limited to typical AE operations (open project, run ExtendScript, use aerender). The SKILL.md does not instruct reading arbitrary host files, exfiltrating data, or contacting external endpoints. That said, the instructions reference scripts and reference docs that are not included; the skill grants the agent discretion to run aerender and AE scripts (normal for this domain) but the missing resources mean runtime behavior could differ from the documentation.
Install Mechanism
There is no install spec (instruction-only), and the included code files are ExtendScript intended for execution inside After Effects. No external downloads, package installs, or archive extraction are present in the manifest, which minimizes installer-level risk.
Credentials
The skill declares no required environment variables or credentials (appropriate for local AE automation). However, SKILL.md expects 'aerender' to be available on PATH (it even suggests 'which aerender') but the registry metadata did not list aerender as a required binary—this mismatch is likely an oversight but should be clarified. No credentials or sensitive env vars are requested.
Persistence & Privilege
The skill is not force-enabled (always: false) and does not request persistent or elevated platform privileges. There is no evidence it modifies other skills or system-wide agent settings.
What to consider before installing
This skill appears to be a straightforward After Effects automation bundle, but the packaging is incomplete: SKILL.md mentions multiple scripts, templates, and reference files that are not included in the manifest. Before installing or running anything: 1) Ask the publisher for the missing files or a corrected manifest; 2) Verify After Effects and aerender are installed and that aerender is on PATH; 3) Manually inspect any ExtendScript (.jsx) files you will run—they can read and write files on disk when executed inside After Effects; 4) Run scripts on non-production projects in a sandboxed environment first (or a VM) to confirm behavior; 5) Do not supply any credentials or secrets (none are required by this skill). If the author cannot explain the missing assets or provide the full script set, treat the skill as incomplete and avoid using it in production.Like a lobster shell, security has layers — review code before you run it.
latestvk97ectn2f1ns6sq9xdbxnf1b1d834bse
License
MIT-0
Free to use, modify, and redistribute. No attribution required.