Roblox Clip Transformer
PassAudited by ClawScan on May 10, 2026.
Overview
The artifacts look like a purpose-aligned local video-editing skill, with no evidence of credential theft, uploads, or hidden persistence.
This appears safe to use as a local video-editing helper if you trust the dependencies. Install packages in an isolated environment, keep FFmpeg current, avoid overwriting important files, and inspect the complete `scripts/platform-render.py` if you need high assurance because the provided review copy was truncated.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the dependencies may pull in third-party code that was not pinned or locked in the skill artifacts.
The skill relies on external Python packages without pinned versions. This is common for media-processing tools, but installation trust is delegated to the package ecosystem.
Install with: `pip install ffmpeg-python librosa openai-whisper`
Install in a virtual environment, prefer pinned versions or a lockfile when available, and obtain FFmpeg/Whisper dependencies from trusted sources.
The skill will run local media tools on selected files and may overwrite an output file if the user points it at an existing path.
The renderer invokes local FFmpeg and uses `-y`, which overwrites the chosen output path. This is expected for a video rendering skill and uses argument lists rather than shell execution.
cmd = ["ffmpeg", "-y", "-i", input_path] ... result = subprocess.run(cmd, capture_output=True, text=True)
Use trusted media files, keep FFmpeg updated, and choose output filenames or directories that are safe to overwrite.
If untrusted text is used directly as a title or CTA, rendering may fail or behave unexpectedly.
Title and CTA text are interpolated into an FFmpeg filter string. In normal use this is user-provided overlay text, but unescaped filter text can break rendering or cause unintended FFmpeg filter behavior.
drawtext.append(f"drawtext=text='{title}':fontcolor=white:fontsize=48:x=(w-text_w)/2:y=h*0.1")Use simple trusted overlay text, or update the script to escape FFmpeg drawtext values before rendering.