Meta Video Ad Analyzer

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: meta-video-ad-analyzer
Version: 1.0.0

The skill bundle is classified as benign. It uses `subprocess.run` for `ffmpeg` and `ffprobe` for video processing and accesses `GOOGLE_APPLICATION_CREDENTIALS` for Google Cloud API authentication, which are high-risk capabilities but are necessary and used appropriately for the stated purpose of video analysis. The prompt files (`prompts/*.md`) contain strict instructions for the LLM to control its output format, which is a defensive measure against unstructured responses, not an attempt at prompt injection against the OpenClaw agent.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the service account is broad, the skill or its dependencies could access more Google Cloud resources than needed.

Why it was flagged

The skill expects a Google service-account credential for Gemini Vision and Speech-to-Text. This is consistent with the stated purpose, but it grants cloud account/API authority that should be scoped.

Skill content

GOOGLE_APPLICATION_CREDENTIALS=/path/to/service-account.json ... same service account needs Speech-to-Text API enabled

Recommendation

Use a dedicated, least-privilege service account limited to the required Vertex AI/Gemini and Speech-to-Text permissions.

What this means

Private or sensitive video/audio content may be submitted to Google services during analysis.

Why it was flagged

The skill discloses external provider processing for audio, frames, and video analysis. This is purpose-aligned, but it means user media content may leave the local environment.

Skill content

Audio Transcription: Convert speech to text with Google Cloud Speech ... AI Scene Analysis: Describe each scene using Gemini Vision ... Native Video Analysis: Direct Gemini analysis for <20MB files

Recommendation

Analyze only content you are permitted to share with Google services, and review your Google Cloud data handling settings and retention policies.

What this means

Installing unpinned dependencies can expose the environment to unexpected package changes or compromised upstream packages.

Why it was flagged

The setup uses manual installation of multiple unpinned Python packages and system tools. These dependencies are expected for video/OCR/transcription work, but provenance and versions are user-managed.

Skill content

pip install opencv-python pillow easyocr ffmpeg-python google-cloud-speech vertexai google-api-python-client ... Also requires `ffmpeg` and `ffprobe` installed on system.

Recommendation

Install in an isolated virtual environment, pin dependency versions where possible, and obtain ffmpeg/ffprobe from trusted package sources.