Video Editing
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: video-edit Version: 1.0.0 The skill bundle is classified as suspicious due to the inclusion of the `roop` (face swap) tool in `effects.md`, which is explicitly noted as 'controversial' with 'ethical concerns'. While the skill bundle itself does not instruct malicious use, this capability is inherently high-risk due to its potential for misuse (e.g., deepfakes) if the agent is not properly constrained or if user consent is not strictly enforced. Additionally, several files (`background-removal.md`, `effects.md`, `upscaling.md`) contain shell commands and loops that process user-provided files, which could introduce shell injection vulnerabilities if the agent does not adequately sanitize input.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may suggest commands that create or alter video/audio outputs, so users should confirm file paths and keep originals.
The skill anticipates media-editing actions and includes a safeguard to preserve originals, making the tool-use guidance purpose-aligned but still worth user attention because it can modify media files.
- Ask what edit they need: remove background, color grade, upscale, stabilize, enhance - Always work on copies, preserve originals
Review commands before running them, use copies of source files, and avoid operating directly on irreplaceable media.
If users choose API workflows, they may need to provide third-party service credentials.
The skill includes optional API examples using provider API keys. This is expected for cloud AI video services, but credentials are not declared in the registry metadata.
headers={"Authorization": f"Bearer {API_KEY}"}Use service-specific, least-privilege API keys where possible and do not paste credentials into shared chats or saved documents.
Private footage, voices, faces, or business content could be sent to external providers if the user chooses those workflows.
The skill recommends web-based processing where media is uploaded to third-party services. This is disclosed and aligned with the purpose, but it crosses a data boundary.
- Upload audio/video - AI removes noise, enhances voice
Before uploading, check the provider’s privacy terms and avoid cloud tools for sensitive or confidential media unless approved.
Installing third-party media tools changes the local environment and depends on the trustworthiness of those packages.
The documentation includes user-run package installation examples for media tools. They are central to the stated purpose and not automatically executed by the skill.
pip install video2x
Install tools from official sources, review package provenance, and prefer isolated environments for experimental video-processing packages.