Back to skill
Skillv1.0.2
ClawScan security
Material Report · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 27, 2026, 10:12 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements and runtime instructions align with its stated purpose: it analyzes a provided video, may read/write frame images locally, and produces a markdown report using the included template; it does not request credentials or external network access.
- Guidance
- This skill appears coherent and matches its description. Before installing or running it, be aware that: it will need access to the video file you provide and may create a directory of extracted frame images in the current working directory (potentially many files). If you prefer not to have files written, provide an existing frame-folder path or run the skill from a controlled directory. The skill does not request credentials or network endpoints, but avoid supplying sensitive videos you do not want processed locally. If you want more assurance, you can ask for a dry-run that only reads metadata (no frame extraction) or run the skill in an isolated workspace.
Review Dimensions
- Purpose & Capability
- okName/description (analyze ad videos and produce a report) match the instructions: verifying a video, extracting frames, analyzing structure, and producing a markdown report. No unrelated credentials, binaries, or services are requested.
- Instruction Scope
- noteInstructions legitimately require filesystem access to the provided video and may write extracted frame images into a folder under the current working directory. This is expected for video analysis but worth noting: the skill will check paths, read metadata, and may save many image files. It does not instruct the agent to read unrelated files, access environment variables, or transmit data externally.
- Install Mechanism
- okNo install spec or remote downloads — the skill is instruction-only and relies on ffmpeg being present on the user's system. The skill explicitly prompts the user to install ffmpeg if missing (but does not provide installation commands). This is low-risk.
- Credentials
- okNo environment variables, credentials, or config paths are requested. All required inputs are user-supplied (video path, category/vertical, platform).
- Persistence & Privilege
- okSkill is not marked always:true and does not request persistent or cross-skill configuration. Autonomous invocation is allowed by default but is not combined with other concerning privileges.