ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

news-video-maker

v1.0.4

News video maker skill. Use search tools to get news, generate speech, and create video with golden subtitles. For creating news briefing videos.

0· 233·1 current·1 all-time
byzorro@izorro
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (news video maker) align with instructions: it uses web search skills to gather news, a TTS tool to produce audio, and ffmpeg to assemble video and subtitles — these are expected capabilities for this skill.
Instruction Scope
Instructions stay within the stated purpose and do not ask for unrelated files or credentials. They do reference using other skills (search, TTS) and running ffmpeg. The SKILL.md hard-codes a default Windows output directory (C:\Users\hyzu\Documents\openclaw\), which is odd for a cross-platform skill and could cause accidental writes to a user folder if used as a default.
Install Mechanism
This is instruction-only (no install spec), which minimizes installer risk. However, the instructions assume an ffmpeg binary is available on PATH but the registry metadata lists no required binaries — that's an omission the user should address (install ffmpeg from an official source).
Credentials
The skill requests no environment variables or credentials and the runtime instructions do not ask for secrets. This is proportionate to its purpose.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request elevated or persistent privileges. Autonomous invocation is allowed by platform default but is not combined with other high-risk factors here.
Assessment
This skill appears to do what it says: search for news, synthesize speech, and call ffmpeg to produce an MP4 with subtitles. Before using it: 1) ensure ffmpeg is installed from an official source and available on PATH (the manifest doesn't declare it); 2) confirm you have the referenced search and TTS skills/tools available and permitted; 3) change the hard-coded default output path to a directory you control to avoid unwanted writes to your user folder; 4) verify the agent will only run when you invoke it (if you don’t want autonomous runs); and 5) review any generated audio/images for copyright or privacy issues. If you want higher assurance, ask the skill author to declare required binaries and provide cross-platform paths or an explicit prompt for output directory.

Like a lobster shell, security has layers — review code before you run it.

latestvk970qjxpc8exkks2cath5qfcn582qmxj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments