Openclaw Thumbnail Forge

Advisory

Audited by Static analysis on May 9, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing an unpinned package can pull the latest available version, which may differ across systems.

Why it was flagged

The skill depends on the Pillow Python package but does not pin a version in the setup instruction. This is a normal dependency for local image processing, but users should install it from a trusted package source.

Skill content

pip install Pillow

Recommendation

Install Pillow in a virtual environment from the official package index or pin a known-good version if reproducibility matters.

What this means

The tool will process local media files and create output images/reports in the paths the user provides.

Why it was flagged

The script invokes ffmpeg on user-supplied video paths and writes generated frames. This is central to the skill's purpose and uses argument lists rather than shell execution, but it still relies on local multimedia tooling.

Skill content

subprocess.run(["ffmpeg", "-hide_banner", "-y", "-ss", f"{timestamp}", "-i", str(src), "-frames:v", "1", "-q:v", "2", str(out_path)], ...)

Recommendation

Use trusted media files where possible, keep ffmpeg/Pillow updated, and choose output directories intentionally.