ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Video Captions

v1.0.1

Generate professional captions and subtitles with multi-engine transcription, word-level timing, styling presets, and burn-in.

2· 732·0 current·0 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actual instructions: transcription, timing, styling, and burn-in. Required binaries (ffmpeg, whisper) are appropriate. Optional cloud API keys (AssemblyAI, Deepgram) are declared in metadata and are relevant to higher-accuracy cloud engines.
Instruction Scope
SKILL.md contains concrete shell commands (whisper, whisper_timestamped, ffmpeg, curl for Deepgram) that operate on user video files and outputs captions/subtitled video. It does not instruct the agent to read unrelated system files or exfiltrate unrelated secrets. It does recommend installing Python packages (pip), which is expected for local engines but should be performed by the user in a trusted environment.
Install Mechanism
There is no install spec (instruction-only), which is low-risk. However engines.md shows example pip install commands for third-party Python packages—these are not auto-run by the skill but are a user action that can pull arbitrary code. Users should vet package sources and install in isolated environments if concerned.
Credentials
The skill does not require any environment variables by default. The metadata lists optional API keys (ASSEMBLYAI_API_KEY, DEEPGRAM_API_KEY) that are directly relevant to the cloud transcription options shown. No unrelated credentials or config paths are requested.
Persistence & Privilege
Skill is not always-enabled and does not request elevated or persistent system configuration. disable-model-invocation is false (normal), meaning the agent can call the skill autonomously — this is expected for skills and is not excessive here.
Assessment
This skill appears coherent for captioning tasks, but review these before using: 1) It expects ffmpeg and a Whisper CLI on PATH — ensure you trust those binaries and their versions. 2) The docs recommend pip installs (openai-whisper, whisper-timestamped, stable-ts, etc.); install packages from trusted sources and consider a virtualenv or container. 3) Local processing is the default (best for privacy). Only supply cloud API keys (AssemblyAI / Deepgram) if you consent to sending video/audio to those services. 4) Example ffmpeg burn-in commands depend on fonts and may require installing or mapping fonts on your system. 5) If you plan to let an autonomous agent run this skill, be aware it could process any video files the agent is given — limit scope and run in an isolated environment if you have sensitive content.

Like a lobster shell, security has layers — review code before you run it.

latestvk978s5ecz3qn0remrjjy2jc6n981ett2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎬 Clawdis
OSLinux · macOS
Binsffmpeg, whisper

Comments