Skill v2026.3.5
ClawScan security
Qcut Video Edit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 4, 2026, 5:52 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's documentation and runtime instructions describe driving a local QCut CLI/desktop (bun, electron, qcut-pipeline) and reading and writing local config and other agent skill files, but the skill metadata declares no required binaries, env vars, or install steps. Those mismatches, together with the ability to reveal local API keys and read other agent files, should be clarified before installing.
- Guidance
- What to consider before installing or running this skill:
  - The SKILL.md expects you to have and run local developer tools (bun, electron) and the qcut pipeline, but the skill metadata does not declare those binaries as required. Confirm you have the intended QCut application and that these commands are safe in your environment.
  - The instructions access local configuration (~/.qcut/.env) and include commands to set and reveal API keys. Never run commands that reveal secrets unless you explicitly trust the environment and know where the output goes (terminal scrollback, agent transcripts, logs).
  - The skill suggests reading other agent skill files (e.g., .agents/skills/...), so it expects access to your agent's filesystem. If you do not want a skill to read other skill files or local configs, avoid running these commands or run them in an isolated environment (VM/container).
  - Building and launching (bun run build; bun run electron &) executes code on your machine. Treat that like running any unreviewed program: inspect the upstream source or run it in an isolated test environment first.
  - Ask the publisher for clarifications: an explicit list of required binaries, which local paths will be read or written, and why reading .agents/skills is necessary. Prefer installing only from a trusted homepage or source; this package has 'Source: unknown' and no homepage, which reduces provenance confidence.
  - If you need to proceed, run commands manually rather than letting an agent run them autonomously, and avoid --reveal or other flags that expose full secret values.
Review Dimensions
- Purpose & Capability: concern
- The skill claims to run QCut's native TypeScript pipeline and editor HTTP automation, which legitimately requires local binaries such as bun, a qcut-pipeline binary, electron, and curl. However, the registry metadata lists no required binaries, no required env vars, and no install steps. That is an inconsistency: the documentation expects tools that are not declared as required.
- Instruction Scope: concern
- The SKILL.md instructs the agent to run local shell commands (curl to http://127.0.0.1:8765, bun run build, bun run electron, bun run pipeline commands), read and write ~/.qcut/.env, dump project state to disk, and locate other agent files (e.g., .agents/skills/remotion-best-practices/SKILL.md). These actions go beyond simple CLI usage: they can start background processes, read local config and other skill files, and (via the pipeline key commands) reveal secret values if a user runs 'get-key --reveal' or similar. The instructions also give broad discretion to import and export files and interact with the editor API, so the skill is not scoped to a single narrow task.
- Install Mechanism: ok
- This is an instruction-only skill with no install spec and no code files, so the skill package itself does not download an installer or external binary. That reduces the risk from remote code fetch, but the runtime instructions still direct the user to run local build and execution commands (bun/electron).
- Credentials: concern
- The docs reference many API keys stored at ~/.qcut/.env (FAL_KEY, GEMINI_API_KEY, OPENAI_API_KEY, etc.) and include commands to set, check, and reveal keys, but the skill metadata declares no required environment variables or primary credential. This is a mismatch: the skill expects to manage and inspect local secrets but declares no credential access. The commands can also expose whether keys are configured and, with --reveal, their full values, which is a vector for accidental secret disclosure if used carelessly.
- Persistence & Privilege: ok
- The skill does not set always:true and has no install mechanism that would embed it persistently. It does instruct launching local processes (bun run electron &), but that is normal behavior for a CLI controlling a local desktop app and not a privilege escalation by the skill package itself.
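The guidance and the Purpose, Instruction Scope, and Credentials dimensions above all reduce to one check: compare what SKILL.md asks the agent to run against what the registry metadata declares, and flag anything that reveals secrets, reads other agents' files, or launches background processes. The following is an added illustration of that pre-install check, written for this page; it is not ClawHub's scanner and not the skill's own code. The metadata schema (requires.bins, requires.env) and the SECRET_FLAGS names are assumptions, and the SKILL.md excerpt is constructed from the behaviours the review describes, not copied from the real skill.

```python
"""Pre-install consistency check for an instruction-only agent skill.

Example code written for this page; not ClawHub's scanner and not the skill's
own code. The metadata schema (requires.bins / requires.env) and the
SECRET_FLAGS names are assumptions made for the illustration.
"""
import re
from dataclasses import dataclass, field

# Constructed SKILL.md excerpt mirroring the behaviours the review describes.
# It is NOT the real skill's file.
SAMPLE_SKILL_MD = """\
# Qcut Video Edit

Build and launch the editor:

    bun run build
    bun run electron &

Check the editor API:

    curl http://127.0.0.1:8765/health

Keys live in ~/.qcut/.env (FAL_KEY, GEMINI_API_KEY, OPENAI_API_KEY).

    bun run pipeline get-key FAL_KEY --reveal

See also .agents/skills/remotion-best-practices/SKILL.md
"""

# Constructed registry metadata declaring nothing, as the review reports.
SAMPLE_METADATA = {"requires": {"bins": [], "env": []}, "install": []}

# Flags that print a full secret value (names assumed for this example).
SECRET_FLAGS = {"--reveal", "--show-secret", "--plaintext"}
# Binaries recognised in command lines.
KNOWN_BINS = {"bun", "electron", "curl", "node", "npm", "npx", "git", "docker"}

ENV_RE = re.compile(r"\b[A-Z][A-Z0-9_]*(?:KEY|TOKEN|SECRET)\b")
PATH_RE = re.compile(r"(?:~|\.agents)/[\w./-]+")
URL_RE = re.compile(r"https?://[\w.:/-]+")
BACKGROUND_RE = re.compile(r"(^|\s)&\s*$")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    message: str


@dataclass
class Report:
    referenced_bins: set = field(default_factory=set)
    referenced_env: set = field(default_factory=set)
    referenced_paths: set = field(default_factory=set)
    findings: list = field(default_factory=list)


def extract_commands(text):
    """Return command lines from fenced or four-space-indented blocks."""
    cmds, in_fence = [], False
    for line in text.splitlines():
        if line.strip().startswith("```"):
            in_fence = not in_fence
            continue
        if (in_fence or line.startswith("    ")) and line.strip():
            cmds.append(line.strip())
    return cmds


def check_skill(skill_md, metadata):
    """Compare what SKILL.md asks the agent to do with what the metadata declares."""
    rep = Report()
    for cmd in extract_commands(skill_md):
        toks = cmd.split()
        rep.referenced_bins.update(t for t in toks if t in KNOWN_BINS)
        if SECRET_FLAGS & set(toks):
            rep.findings.append(Finding("high", f"secret-revealing flag: {cmd}"))
        if BACKGROUND_RE.search(cmd):
            rep.findings.append(Finding("medium", f"launches a background process: {cmd}"))
    rep.referenced_env = set(ENV_RE.findall(skill_md))
    rep.referenced_paths = set(PATH_RE.findall(skill_md))

    declared_bins = set(metadata.get("requires", {}).get("bins", []))
    declared_env = set(metadata.get("requires", {}).get("env", []))
    for b in sorted(rep.referenced_bins - declared_bins):
        rep.findings.append(Finding("medium", f"binary used but not declared: {b}"))
    for e in sorted(rep.referenced_env - declared_env):
        rep.findings.append(Finding("medium", f"env var referenced but not declared: {e}"))
    for p in sorted(rep.referenced_paths):
        if p.startswith(".agents/"):
            rep.findings.append(Finding("medium", f"reads another agent's file: {p}"))
        elif p.endswith(".env"):
            rep.findings.append(Finding("medium", f"touches local config: {p}"))
    for url in URL_RE.findall(skill_md):
        if "127.0.0.1" in url or "localhost" in url:
            rep.findings.append(Finding("low", f"talks to a local service: {url}"))
    return rep


def undeclared(rep):
    """Findings the publisher could clear simply by declaring requirements."""
    return [f for f in rep.findings if "not declared" in f.message]


def verdict(rep):
    if any(f.severity == "high" for f in rep.findings):
        return "suspicious"
    return "needs-clarification" if rep.findings else "ok"


if __name__ == "__main__":
    report = check_skill(SAMPLE_SKILL_MD, SAMPLE_METADATA)
    for f in report.findings:
        print(f"[{f.severity}] {f.message}")
    print("verdict:", verdict(report))
```

Run against the constructed excerpt and empty metadata, the check reports the same three classes of problem the review lists: bun, electron and curl used but undeclared; three key variables referenced but undeclared; and a --reveal command, a backgrounded launch, a read of another skill's file, and a local config path. Declaring the binaries and variables clears the "not declared" findings but not the --reveal one, which is why the verdict above stays at suspicious rather than dropping to needs-clarification.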
