Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Reel Digest

v1.0.0

Download, transcribe, extract frames, and deeply analyze any video or reel from URL (Instagram, YouTube, TikTok, X, direct MP4). Use when user shares a video...

by zinou @casperzinou

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for casperzinou/reel-digest.

Install the skill "Reel Digest" (casperzinou/reel-digest) from ClawHub.
Skill page: https://clawhub.ai/casperzinou/reel-digest
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install reel-digest

ClawHub CLI

npx clawhub@latest install reel-digest
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Pending
OpenClaw: Suspicious (high confidence)
Purpose & Capability
Name/description (download, frames, transcription, analysis) matches what the code and SKILL.md implement. Declared runtime requirements (curl, ffmpeg, yt-dlp, faster-whisper) are appropriate and appear necessary for the described pipeline.
Instruction Scope
Runtime instructions and included scripts do only the claimed tasks (download video, extract audio/frames, transcribe). However the code accepts arbitrary URLs and performs network fetches (urllib/curl/yt-dlp) which can be used to access internal network resources (SSRF) or untrusted hosts. More seriously, reel-digest.py constructs shell commands with user-supplied URL/paths and uses subprocess.run(..., shell=True) and f-strings without robust escaping—this can lead to command injection if an attacker controls the URL or provides specially crafted input. These runtime behaviors go beyond mere analysis and require careful input sanitization or sandboxing.
Install Mechanism
No installation downloads or external install steps are declared (instruction-only install). All code is included in the package. This is lower risk than an installer that fetches arbitrary code, but the package relies on existing third-party binaries (yt-dlp, ffmpeg, curl) and Python libs (faster-whisper) which must be present on the host.
Credentials
The skill requests no environment variables, credentials, or config paths. The listed external requirements (binaries and faster-whisper) are proportional to the stated purpose. There is no built-in credential exfiltration or unexpected secret access in the code.
Persistence & Privilege
The skill is not always-enabled and does not request persistent privileges or modify other skills. It runs on demand and writes outputs to a chosen output directory (defaults to a temp dir).
Scan Findings in Context
[no_static_findings] expected: The pre-scan found no regex matches. That does not eliminate runtime risks (command injection, SSRF) visible in the code.
What to consider before installing
  1. The tool does what it says (downloads and analyzes videos) and needs local binaries (ffmpeg, yt-dlp, curl) and the faster-whisper Python package.
  2. Safety concerns: the Python script builds shell commands using user-supplied URLs with shell=True, which can allow command injection if a malicious URL is provided; it also fetches arbitrary URLs (possible SSRF to internal services).
  3. Mitigations: only run this skill in a sandboxed environment (isolated container or VM) with limited filesystem and network access; validate or sanitize URLs before use; replace subprocess.run(..., shell=True, f'...{url}...') with safe argument lists (list form) or proper escaping; restrict network egress if you don't want the agent accessing internal hosts; inspect/confirm presence and source of yt-dlp and other binaries before running.
  4. If you are not comfortable patching/sandboxing, avoid installing or only use on unprivileged throwaway systems.
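
Added example, not code from the skill or from ClawHub: one way to apply the two code-level mitigations above, checking the URL against internal address ranges and passing it to yt-dlp as a single argv element instead of through a shell. The function names, the output template and the sample values in the comments are assumptions made for illustration.

```python
import ipaddress
import socket
import subprocess
from urllib.parse import urlsplit


def system_resolve(host):
    """All addresses the host name currently resolves to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def validate_url(url, resolve=system_resolve):
    """Return url if it is http(s) and every target address is public.

    Raises ValueError for other schemes and for loopback, private,
    link-local (cloud metadata) or otherwise non-global addresses.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("only http(s) URLs with a host are accepted")
    try:
        # Host given as an IP literal, e.g. 127.0.0.1 or [::1]
        addrs = {str(ipaddress.ip_address(parts.hostname))}
    except ValueError:
        # Host given as a name: check everything it resolves to
        addrs = resolve(parts.hostname)
    for addr in addrs:
        if not ipaddress.ip_address(addr).is_global:
            raise ValueError(f"{addr} is not a public address")
    return url


def build_download_argv(url, out_dir, resolve=system_resolve):
    """argv for yt-dlp: the URL is one element and is never shell-parsed.

    The "--" marks the end of options, so a URL that starts with "-"
    cannot be read as a yt-dlp flag either.
    """
    return ["yt-dlp", "--no-playlist", "-o", f"{out_dir}/video.%(ext)s",
            "--", validate_url(url, resolve)]


def download(url, out_dir):
    # List form with the default shell=False: no shell is involved, so
    # characters such as ; | $ ` in the URL have no special meaning.
    subprocess.run(build_download_argv(url, out_dir), check=True)
```

The address check runs before the download tool does its own DNS lookup, so the two results can differ; keep the network egress restriction from item 3 in place as well.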

Like a lobster shell, security has layers — review code before you run it.

latest vk973dnk75n6sgmwcm8x074fg9s8536td
54 downloads · 0 stars · 1 version · Updated 1w ago · v1.0.0 · MIT-0

Reel Digest — Full Video Analysis Pipeline

Quick Start

Give this skill a video URL. It will download, extract frames, transcribe audio, and deliver a complete analysis.

Step 1: Download & Extract

Run the bash pipeline script (handles Instagram embed extraction, frame extraction, audio, and transcription):

bash scripts/ig-reel-dl.sh "<URL>" /tmp/reel-digest

This produces:

  • video.mp4 — original video
  • audio.wav — extracted audio (16kHz mono)
  • transcript.txt — Whisper transcription with timestamps
  • frames/ — key frames (1 per 5 seconds, 640px wide)

For non-Instagram URLs (YouTube, TikTok, etc.), use the Python script:

python3 scripts/reel-digest.py "<URL>" -o /tmp/reel-digest -f 10

Step 2: Analyze Frames

  1. Read transcript.txt for the spoken content
  2. Copy frames from /tmp to workspace directory (required for image tool)
  3. Analyze 4-8 key frames using the image tool
  4. Describe: on-screen text, UI, products, branding, visual style, transitions

Step 3: Synthesize

Combine transcript + frame analysis into a structured digest:

  1. Hook — Opening 3 seconds: what grabs attention?
  2. Narrative Arc — Frame-by-frame story
  3. Key Messages — Main points communicated
  4. Visual Strategy — Production quality, text overlays, aesthetic
  5. Engagement Tactics — What makes this shareable?
  6. Business Intel — Products, CTAs, pricing, competitive signals
  7. Viral Mechanics — Why this works for the algorithm

Step 4: Deliver

Present in clean, scannable format. Quote exact transcript text, describe exact visual elements. No generic advice.

Requirements

  • curl — HTTP requests
  • ffmpeg / ffprobe — video processing
  • yt-dlp — YouTube/TikTok downloads
  • faster-whisper (Python) — audio transcription

Troubleshooting

  • Instagram 403: CDN URLs expire fast. The bash script handles this with single-session extraction via tr -d '\\' on embed HTML
  • Vision model timeout: Resize frames to 360px: ffmpeg -i frame.jpg -vf scale=360:-1 small.jpg
  • Image tool path error: Files must be under workspace directory, not /tmp. Copy first.
  • Whisper OOM: Use --no-transcript flag, analyze frames only
  • No audio track: Some clips are visual-only. Use --no-audio flag.
