ClawHub

Media Processor

v1.0.0

音视频处理器 - 企业级多媒体内容处理工具 | Media Processor - Enterprise multimedia content processing

0· 115·1 current·1 all-time
byLv Lancer@kaiyuelv
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (media processing) matches the included code (video/audio editor, ffmpeg wrapper, whisper-based transcriber) and requirements (FFmpeg, moviepy, whisper). No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md instructs only local media processing and how to install dependencies. The transcriber loads Whisper models at runtime — that may cause large model downloads from the network (expected for transcription). The runtime instructions do not reference unrelated files, environment variables, or external endpoints beyond the normal model download behavior.
Install Mechanism
There is no automated install spec; SKILL.md instructs using pip install -r requirements.txt and installing FFmpeg manually. This is reasonable for a Python media tool, but note that installing whisper/torch can trigger large downloads and GPU drivers; model weights may be downloaded at first use.
Credentials
The skill requires no environment variables or credentials. Declared dependencies and external requirements (FFmpeg, Whisper) are proportionate to transcription and transcoding functionality.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and contains no code that writes to system-wide agent configs. It runs as a normal user tool operating on local files.
Assessment
This code appears to be a straightforward on-host media processing library. Before installing or running: 1) ensure FFmpeg and ffprobe are installed and on PATH (video_processor uses ffprobe); 2) be aware Whisper (openai-whisper) may download large model weights at first use and require significant CPU/GPU and disk space; 3) the code has a few implementation bugs (e.g., video_processor sometimes appends '-c:v copy' as a single arg which can break ffmpeg invocation, and tests expect an 'error' key that get_info currently doesn't return) — these are quality issues but not indicators of malicious behavior; 4) run code on non-sensitive/test media first and inspect any network activity (model downloads) if you need to enforce offline operation; 5) if you will process untrusted filenames, validate/normalize paths (they are written into a temporary concat list file and may be interpreted by ffmpeg).

Like a lobster shell, security has layers — review code before you run it.

latestvk9796ts5z61mwbcweyyk7hbhfn834eps

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments