Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Boxed FFmpeg
v1.0.0Audio/video information extraction, format conversion, and audio extraction using FFmpeg WASM sandbox.
⭐ 0· 30·0 current·0 all-time
by@guyoung
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (Boxed FFmpeg) match the runtime instructions: it requires a WASM sandbox plugin and a boxed-ffmpeg.wasm component and shows how to run ffmpeg-like commands via wasm-sandbox-run. There are no unrelated environment variables or extraneous capabilities requested.
Instruction Scope
Instructions stay within the stated purpose (run FFmpeg-like operations in a WASM sandbox). They only reference workspace directories and the skill-specific path under ~/.openclaw/skills. However, the runtime steps instruct downloading and executing a WASM binary; while the skill claims 'no network access needed' for processing, it still requires an initial network download of the WASM file, and the agent is asked to write that binary into the skills directory.
Install Mechanism
There is no formal install spec, but SKILL.md requires installing the openclaw-wasm-sandbox plugin and explicitly provides a raw GitHub URL to download a WASM component from a user repo (guyoung/... on raw.githubusercontent.com). Downloading and executing an unsigned WASM from an arbitrary user repository and placing it under ~/.openclaw/skills is high-risk because there is no checksum/signature, no pinned release, and the source repo is not described or verified. The plugin installation and gateway restart steps also alter the agent environment and should be reviewed before proceeding.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate. One important note: the skill requires setting workDir to the directory containing input files — any files inside that directory will be accessible to the WASM component, so avoid using sensitive system directories.
Persistence & Privilege
The skill does not request 'always: true', but it requires installing a plugin and restarting the OpenClaw gateway, which modifies the agent runtime environment. Combined with the remote WASM download and autonomous invocation being allowed (default), this increases the blast radius: a downloaded WASM run by the sandbox could be invoked by the agent repeatedly without further confirmation. That combination is worth caution even though autonomous invocation itself is normal.
What to consider before installing
This skill appears to do what it says (FFmpeg in a WASM sandbox) but requires installing a plugin and downloading a WASM binary from a third-party GitHub repo without any checksum or signature. Before installing: (1) Verify the openclaw-wasm-sandbox plugin source and inspect its code/reviews; (2) verify the boxed-ffmpeg-component.wasm provenance — prefer a signed/pinned release or a trusted org repo; (3) if possible, download the WASM manually, verify its integrity, and place it locally rather than letting the agent fetch it automatically; (4) do not set workDir to sensitive system directories — use an isolated workspace; (5) consider testing the plugin and WASM inside an isolated VM/container first; (6) require explicit user consent for plugin installation and gateway restart. If you cannot verify the plugin and WASM authorship and integrity, treat this skill as higher-risk and avoid installing it on sensitive systems.Like a lobster shell, security has layers — review code before you run it.
latestvk970jkb2w7d8kgg2vh16c2r32h845r0j
License
MIT-0
Free to use, modify, and redistribute. No attribution required.