Skill v1.0.2
ClawScan security
剪映AI文字成片_无限 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Apr 19, 2026, 11:56 AM)
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's code and instructions mostly match its stated goal (automating the 剪映 desktop client) but contain a few odd or risky choices (self-modification guidance, hard-coded admin paths, runtime package installs and clipboard/screenshot operations) that are disproportionate or unclear and merit review before running.
- Guidance
- What to check before installing or running this skill:
  - Review all included scripts yourself. They will execute on your machine and perform mouse/keyboard actions, set the clipboard, save screenshots, and may install Python packages.
  - The code uses hard-coded Windows paths (C:\Users\admin\...); update them to your environment before running.
  - SKILL.md asks the agent to 'modify this skill file' as it iterates. Decide whether you want any self-modifying behavior; remove or disable that instruction if you do not.
  - The scripts can install pyautogui via pip at runtime (network download). If you must avoid network installs, preinstall dependencies in a controlled environment.
  - Because the automation uses clipboard and screenshots, be cautious: sensitive on-screen data could be captured or briefly placed on the clipboard. Run in an isolated VM or a test machine if possible.
  - Test the scripts manually (step-by-step) with the actual 剪映 client in a safe environment before granting them full run permission. Confirm coordinates in jianying_coords.json match your screen and UI scale.
  - If you do not trust the unknown source / owner, do not run these scripts on a host with sensitive data.
  - Additional information that would raise confidence: a known publisher/homepage, signed/reviewed release, or a version without the self-modification instruction and without hard-coded admin paths.
Review Dimensions
- Purpose & Capability
- note: Name/description align with the included code: the Python scripts automate the local 剪映 (Jianying) desktop client via pyautogui/win32 calls and use a coordinates JSON and script.txt input. No unrelated credentials, network endpoints, or cloud services are requested. However, several scripts hard-code Windows paths (e.g., C:\Users\admin\...), which is brittle and unusual for a generic skill and suggests it was built for a single machine/account.
- Instruction Scope
- concern: SKILL.md and the scripts instruct the agent to read script.txt and jianying_coords.json, activate and control the local GUI, set the clipboard, paste content, take screenshots, and click the 'generate' button only after user confirmation. Those actions are consistent with the purpose, but SKILL.md's 'iterate and modify this skill file' principle encourages the agent to edit its own skill files (self-modifying behavior); that is scope creep not reflected in the code and increases risk. The skill also uses the clipboard and writes screenshots (final_state.png), which could capture sensitive on-screen content.
- Install Mechanism
- note: No install spec in registry, but the main script can auto-install pyautogui via pip at runtime (ensure_pyautogui). Installing packages from PyPI at runtime is common for automation but does perform network installs and writes to the local Python environment, a moderate-risk action if you don't trust the package source or environment.
- Credentials
- ok: The skill requests no environment variables, credentials, or config paths. It only needs access to local files in the skill directory and to control the desktop. This is proportionate to a GUI automation task. Note: absolute hard-coded paths to Desktop and a specific user account are present and may unintentionally access other locations if changed.
- Persistence & Privilege
- note: The skill does not request always:true and does not modify other skills or system-wide settings. However, SKILL.md explicitly instructs iterative modification of the skill file (which could lead to self-modifying behavior if the agent follows it). The code also may install Python packages into the environment, which is a form of persistent change.
