ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Batch Video Creator Skill

v1.0.1

Batch Video Creator is an AI workflow for batch video production when you need dozens of consistent clips without manual editing one by one. It automates tem...

0· 87·0 current·0 all-time
bywes@imwyvern
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md describes non-trivial video processing (FFmpeg-like transforms, TTS voiceovers, color grading, export, deduplication) that would normally require binaries, libraries, or third-party APIs and likely credentials (storage, TTS, CDN). The skill declares no required binaries, env vars, or install steps — the description reads like marketing copy rather than an actionable runtime spec, which is an incoherence.
Instruction Scope
The runtime instructions are high-level and do not direct the agent to read local files, system paths, or environment variables. They also do not specify how or where processing happens (local tools vs external service). Lack of concrete commands reduces immediate risk of hidden file access but leaves too much unspecific agent discretion (e.g., where to upload source videos).
Install Mechanism
There is no install spec and no code files — this instruction-only skill does not write files or download binaries during install, which minimizes install-time risk.
!
Credentials
No environment variables, credentials, or config paths are requested despite capabilities that normally require access to TTS services, cloud storage, or video-processing tools. The omission is disproportionate and ambiguous: either the skill relies on platform-provided tooling (not documented) or it will request credentials/perform network operations at runtime (not declared).
Persistence & Privilege
The skill does not request persistent inclusion (always: false) and does not claim to modify other skills or system-wide settings. It uses the platform's normal autonomous-invocation model.
What to consider before installing
This skill's marketing-style description promises heavy video processing but gives no operational details. Before installing or using it, ask the publisher: 1) Where does the processing run — locally on your agent, or on MediaClaw/third-party servers? 2) Exactly which binaries or services are required (ffmpeg, Blender, TTS provider names) and what credentials will be requested? 3) Will source videos be uploaded to external servers, and what are retention/privacy policies? 4) For enterprise/API features, what endpoints and auth will be used? 5) Test with non-sensitive sample videos first. If the publisher cannot provide clear answers (a list of required binaries, explicit external endpoints, and a privacy/data flow description), treat the skill as risky and avoid sending real/PII-containing media.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d7r8gdpf837w9z21v9anjfs83xxy3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments