Podcastifier
PassAudited by ClawScan on May 1, 2026.
Overview
Podcastifier is a local text-to-audio skeleton that reads a chosen text file and runs ffmpeg, with no hidden network access, persistence, or destructive behavior evident.
This appears safe to review as a simple local media-conversion skeleton. Before installing, note that it does not yet implement real TTS provider calls, and if you add an API key or delivery hook later, review that new code separately.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can run ffmpeg locally and create an output file at the requested path.
The script invokes ffmpeg and writes to a user-specified output path. This is purpose-aligned for media generation and does not use a shell, but it is still a local tool action that can create or overwrite files the user selects.
subprocess.run(["ffmpeg", "-f", "concat", "-safe", "0", "-i", concat_list, "-c", "copy", args.out], check=True)
Use it only with intended input files and output locations, and keep ffmpeg installed from a trusted source.
On shared systems, temporary audio or concat-list files could be more exposed to local race/interference issues than necessary.
Temporary files are created with tempfile.mktemp, which is less safe than managed temporary-file APIs because another local process could theoretically interfere with the path before it is used.
path = tempfile.mktemp(suffix=f"_{idx}.wav")Prefer running in a normal single-user environment; maintainers should replace mktemp with TemporaryDirectory or NamedTemporaryFile.