Skill v1.0.1

ClawScan security

video-clip-skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 3, 2026, 5:24 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill largely does what it claims (local clipping with yt-dlp/ffmpeg and an included ASS subtitle generator), but its runtime instructions and registry metadata are inconsistent, it asks the agent to generate and then execute code (the translation script), and it optionally sends audio to an external transcription API. The metadata mismatches and the execution of model-generated output warrant caution.
Guidance
Before installing:
(1) SKILL.md requires yt-dlp, ffmpeg and python3 even though the registry metadata omits them; verify that trusted copies of those binaries are installed.
(2) The skill runs shell commands and executes the bundled Python script; it also asks the agent to generate a Python file containing translations and then run it, so model-generated output is executed as code. Run it in a sandbox or inspect the generated script before execution.
(3) The optional GROQ_API_KEY sends audio to https://api.groq.com for transcription; set it only if you trust that service and are comfortable sending audio there.
(4) Avoid supplying sensitive cookies or credentials; if you must provide a cookies.txt, make sure it contains only what you intend to send.
(5) The included ass-karaoke.py appears to be a local subtitle generator with no network calls, but the overall workflow executes external tools and makes network requests. If you need this functionality, prefer running it manually or in a controlled environment and review any generated scripts before executing them.

Review Dimensions

Purpose & Capability
note: The declared purpose (local YouTube clipping, subtitle translation, karaoke ASS generation) matches the SKILL.md and the included ass-karaoke.py. However, the registry metadata lists no required binaries or env vars, while SKILL.md explicitly requires yt-dlp, ffmpeg and python3 (and optionally GROQ_API_KEY). The missing dependency declarations are an inconsistency that reduces transparency.
Instruction Scope
concern: Instructions direct the agent to run shell commands (yt-dlp, ffmpeg, cookie handling), locate files under ~/.claude/plugins, and, importantly, generate a Python script whose 'translations' list is filled in by the model and then execute that script. Executing code produced at runtime by the model (even if nominally just a list of strings) can run unexpected code if the generation is not strictly constrained. The find command could also match unexpected files under plugins if the directory layout differs from what the instructions assume.
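A check a practitioner could place in front of the "generate, then execute" step described in the guidance and in this dimension, written here as an added example (it is not code from the skill or from ClawHub): it parses the model-generated file with Python's ast module, accepts it only if the whole module is one assignment of a list of string literals to translations, and then reads the list with ast.literal_eval instead of importing or running the file. The variable name translations is from the report; the file name translations.py and the sample inputs are assumptions.

```python
import ast
from pathlib import Path

# The report says the generated script holds a 'translations' list; the
# file name translations.py is an assumption for this example.
EXPECTED_NAME = "translations"

# Constructed samples: one file that is pure data, two that smuggle behaviour.
GOOD = 'translations = [\n    "Hello",\n    "World",\n]\n'
BAD_IMPORT = 'import os\nos.system("id")\ntranslations = ["x"]\n'
BAD_CALL = 'translations = [open("/etc/passwd").read()]\n'


def _is_str_list(node: ast.AST) -> bool:
    """True only for a list/tuple display whose every element is a str literal."""
    if not isinstance(node, (ast.List, ast.Tuple)):
        return False
    return all(isinstance(e, ast.Constant) and isinstance(e.value, str)
               for e in node.elts)


def check_translation_module(source: str) -> list[str]:
    """Return problems found; an empty list means the module is pure data.

    Allowed: an optional docstring plus exactly one statement of the form
    translations = ["...", ...]. Imports, calls, f-strings, comprehensions,
    attribute access and any extra statement are rejected.
    """
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return [f"syntax error: {exc}"]
    body = list(tree.body)
    if (body and isinstance(body[0], ast.Expr)
            and isinstance(body[0].value, ast.Constant)
            and isinstance(body[0].value.value, str)):
        body = body[1:]  # tolerate a leading docstring
    problems = []
    if len(body) != 1:
        problems.append(f"expected exactly one statement, found {len(body)}")
    for stmt in body:
        if not isinstance(stmt, ast.Assign):
            problems.append(f"line {stmt.lineno}: {type(stmt).__name__} is not allowed")
            continue
        tgt = stmt.targets
        if len(tgt) != 1 or not isinstance(tgt[0], ast.Name) or tgt[0].id != EXPECTED_NAME:
            problems.append(f"line {stmt.lineno}: only '{EXPECTED_NAME} = [...]' is allowed")
        if not _is_str_list(stmt.value):
            problems.append(f"line {stmt.lineno}: value must be a list of string literals")
    return problems


def load_translations(source: str) -> list[str]:
    """Extract the list without executing the module; refuses anything that fails the check."""
    problems = check_translation_module(source)
    if problems:
        raise ValueError("; ".join(problems))
    tree = ast.parse(source)
    assign = next(s for s in tree.body if isinstance(s, ast.Assign))
    return list(ast.literal_eval(assign.value))  # literal_eval never runs code


if __name__ == "__main__":
    import sys
    src = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else GOOD
    found = check_translation_module(src)
    if found:
        print("REJECTED, do not execute:")
        for p in found:
            print("  -", p)
        sys.exit(1)
    print("OK, loaded", len(load_translations(src)), "translation lines")
```

Run it as `python check_translations.py translations.py` before the agent's "execute the script" step; a cleaner fix for the skill itself would be to have the bundled ass-karaoke.py read the translations from a JSON or plain-text file so that no generated Python is ever executed.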
Install Mechanism
ok: There is no install spec and the skill is instruction-only with one bundled Python script. Nothing is downloaded or extracted by the skill itself, which keeps install risk low.
Credentials
note: The skill has no required environment variables, but SKILL.md documents an optional GROQ_API_KEY for an external transcription service (api.groq.com). That optional credential is coherent with the claimed Whisper fallback, but the registry metadata did not advertise it. The skill may also encourage use of a cookies.txt file, which could contain sensitive session cookies; the instructions reference such a file as a throttling workaround.
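To act on guidance item (4) and the cookies.txt note above, an added example (not part of the skill or of this report) that parses a Netscape-format cookies.txt, the format yt-dlp's --cookies option reads, summarizes which domains and cookie names it contains without printing any values, flags entries outside an allowlist, and writes a minimized copy. The allowlist of YouTube and Google domains and the sample cookie lines are assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed sample in Netscape cookie-file format (what yt-dlp --cookies reads).
# Field order per line: domain, include_subdomains, path, secure, expires, name, value.
# The "#HttpOnly_" prefix used by curl and yt-dlp marks HttpOnly cookies; it is
# not a comment, so it must be stripped rather than skipped.
SAMPLE_COOKIES = (
    "# Netscape HTTP Cookie File\n"
    ".youtube.com\tTRUE\t/\tTRUE\t1800000000\tCONSENT\tYES+1\n"
    "#HttpOnly_.youtube.com\tTRUE\t/\tTRUE\t1800000000\tLOGIN_INFO\tplaceholder-session-value\n"
    ".github.com\tTRUE\t/\tTRUE\t1800000000\tuser_session\tplaceholder-session-value\n"
)

# Assumption: the only domains a YouTube clipping workflow legitimately needs cookies for.
ALLOWED_SUFFIXES = ("youtube.com", "google.com")


def parse_netscape_cookies(text: str) -> list[dict]:
    """One record per cookie; the value itself is never stored, only its length."""
    rows = []
    for raw in text.splitlines():
        line = raw.strip("\r\n")
        if not line.strip():
            continue
        http_only = line.startswith("#HttpOnly_")
        if http_only:
            line = line[len("#HttpOnly_"):]
        elif line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != 7:
            continue  # malformed line; yt-dlp would not load it either
        domain, _subs, path, secure, expires, name, value = parts
        rows.append({
            "domain": domain.lstrip("."),
            "path": path,
            "secure": secure == "TRUE",
            "http_only": http_only,
            "expires": int(expires) if expires.isdigit() else 0,
            "name": name,
            "value_len": len(value),
        })
    return rows


def _allowed(domain: str, allowed=ALLOWED_SUFFIXES) -> bool:
    return any(domain == s or domain.endswith("." + s) for s in allowed)


def audit_cookies(text: str, allowed=ALLOWED_SUFFIXES) -> dict:
    """Summarize what the file would hand to yt-dlp and flag unexpected domains."""
    rows = parse_netscape_cookies(text)
    by_domain = defaultdict(list)
    for r in rows:
        by_domain[r["domain"]].append(r["name"])
    unexpected = [(r["domain"], r["name"]) for r in rows if not _allowed(r["domain"], allowed)]
    return {"total": len(rows), "by_domain": dict(by_domain), "unexpected": unexpected}


def minimize_cookies(text: str, allowed=ALLOWED_SUFFIXES) -> str:
    """Copy of the file keeping comments and only the cookies for allowed domains."""
    kept = []
    for raw in text.splitlines():
        if raw.startswith("#") and not raw.startswith("#HttpOnly_"):
            kept.append(raw)
            continue
        parts = raw.removeprefix("#HttpOnly_").split("\t")
        if len(parts) == 7 and _allowed(parts[0].lstrip("."), allowed):
            kept.append(raw)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_COOKIES
    report = audit_cookies(text)
    print(f"{report['total']} cookies across {len(report['by_domain'])} domains")
    for dom, names in report["by_domain"].items():
        print(f"  {dom}: {', '.join(names)}")
    for dom, name in report["unexpected"]:
        print(f"  WARNING: {dom} cookie {name!r} is not needed for YouTube")
```

Review the audit output before handing the file to the skill, and pass yt-dlp the minimized copy rather than a full browser export; even the allowed LOGIN_INFO cookie is a session credential, so treat the trimmed file as a secret and delete it when the clipping job is done.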
Persistence & Privilege
ok: The skill is not always-enabled and does not declare elevated persistence or attempt to modify other skills or system-wide settings. It runs on demand and, by design, writes only its own ASS output file.