ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

VidIQ - Video Intelligence

v1.0.0

AI-powered video intelligence - download, analyze, clip, GIF from any URL. Supports YouTube, TikTok, Instagram, X. Uses ffmpeg + yt-dlp.

0· 315·0 current·0 all-time
byCassh@cassh100k

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for cassh100k/vidiq.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "VidIQ - Video Intelligence" (cassh100k/vidiq) from ClawHub.
Skill page: https://clawhub.ai/cassh100k/vidiq
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: ffmpeg, yt-dlp
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install cassh100k/vidiq

ClawHub CLI

Package manager switcher

npx clawhub@latest install vidiq
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the included script: the shell script uses yt-dlp to download videos and ffmpeg/ffprobe to inspect, extract frames, clip, create GIFs, etc. The requested binaries (ffmpeg, yt-dlp) are the core tools needed. Minor mismatch: the script also invokes common utilities (python3, md5sum, bc, awk, grep, sed) that are not listed in the metadata but are typical on many systems.
Instruction Scope
SKILL.md tells the agent to 'feed frames to a vision model for content understanding' but does not specify which model or endpoint; the script itself only writes frames to /tmp/vidiq and does not transmit them. This leaves it to the agent runtime to decide where frames are sent, which could result in external transmission of image data if the agent forwards frames to a remote service. Also: SKILL.md lists a 'transcript' action in usage comments, but the script has no implemented 'transcript' case.
Install Mechanism
No install spec (instruction-only with an included shell script). This is low-risk from an installation perspective because no external code is fetched during install. Runtime does call yt-dlp which downloads video content (expected behaviour).
Credentials
The skill declares no required environment variables or credentials, which is appropriate for a local video manipulation tool. It does perform network downloads of user-supplied URLs via yt-dlp — expected for the feature, but note that any URL the agent is given will be fetched.
Persistence & Privilege
The skill does not request persistent/always-on privileges. It writes temporary files under /tmp/vidiq for caching and frames, which is normal for this functionality but means downloaded content is stored locally.
Assessment
This skill appears to do what it says: it downloads videos via yt-dlp and manipulates them with ffmpeg. Before installing, consider: 1) Privacy/exfiltration — the SKILL.md suggests sending extracted frames to a vision model but doesn't specify which; ensure you trust the agent or model that will receive those images. 2) Local storage — downloads and frames are cached under /tmp/vidiq; remove sensitive files after use. 3) Undeclared dependencies — the script uses python3, md5sum, bc, awk, grep, sed in addition to ffmpeg/yt-dlp; ensure your environment provides these. 4) Copyright and bandwidth — downloading videos may violate terms or consume network/disk. If you want tighter guarantees, request the author add explicit statements about where frame data is sent and list all required binaries in metadata.
scripts/vidiq.sh:82
Dynamic code execution detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🎬 Clawdis
Binsffmpeg, yt-dlp
latestvk97b3qzexg551cbwrprfzhqvgx82g3ba
315downloads
0stars
1versions
Updated 15h ago
v1.0.0
MIT-0
Cassh@cassh100k
latest
Download

VidIQ - Video Intelligence & Query Tool

Download, understand, and manipulate any video from a URL.

Commands

# Video info (duration, resolution, codecs)
{baseDir}/scripts/vidiq.sh <url_or_path> info

# Extract N frames evenly spaced
{baseDir}/scripts/vidiq.sh <url_or_path> frames 10

# Single frame at timestamp
{baseDir}/scripts/vidiq.sh <url_or_path> frame 01:30:00

# Clip between timestamps
{baseDir}/scripts/vidiq.sh <url_or_path> clip 01:01:01 01:20:01 output.mp4

# Create GIF (start time, duration in seconds)
{baseDir}/scripts/vidiq.sh <url_or_path> gif 00:45:00 5

# Extract audio as MP3
{baseDir}/scripts/vidiq.sh <url_or_path> audio

# Detect scene changes
{baseDir}/scripts/vidiq.sh <url_or_path> scenes 0.3

# Visual mosaic (columns, total frames)
{baseDir}/scripts/vidiq.sh <url_or_path> mosaic 4 16

AI Analysis Workflow

  1. Extract frames: vidiq.sh <url> frames 10
  2. Feed frames to vision model for content understanding
  3. Answer questions about the video based on frame analysis

Supported Platforms

YouTube, TikTok, Instagram, X/Twitter, any direct video URL, local files.

Notes

  • Downloaded videos are cached in /tmp/vidiq/ for reuse
  • Frames output to /tmp/vidiq/frames_*/
  • For long videos, extract more frames for better coverage
  • GIFs are optimized with palette generation for small file size

Comments

Loading comments...