Media Processor
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a straightforward media-processing skill, with expected notes around installing multimedia dependencies and running local FFmpeg commands on user-chosen files.
Before installing, use a virtual environment, install FFmpeg from a trusted source, and confirm input/output paths so important files are not overwritten. The notes are expected for a local media-processing tool and do not indicate malicious behavior.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill's dependencies may pull newer package versions than the author tested.
The skill asks users to install third-party multimedia packages using lower-bound version ranges rather than pinned versions or hashes. This is common for Python projects and aligned with the skill purpose, but dependency versions can change over time.
moviepy>=1.0.3
pydub>=0.25.1
librosa>=0.10.0
openai-whisper>=20231117
Install in a virtual environment and consider pinning or reviewing dependency versions before use.
Using the skill will run local media-processing commands and consume local CPU/disk resources.
The code launches a local FFmpeg binary through subprocess. This is central to the media-processing purpose and is not hidden, but it means the skill executes local tooling on provided media paths.
cmd = [self.ffmpeg_path] + args
process = subprocess.Popen(
Use a trusted FFmpeg installation and review the media paths and options before running large or important jobs.
A mistaken output filename could overwrite an existing media file or other writable file.
FFmpeg is invoked with the overwrite flag and a caller-supplied output path. This is expected for conversions, but a bad output path could replace an existing file.
args = ['-i', input_path, '-y']
...
args.append(output_path)
Choose output paths carefully, avoid protected or important directories, and keep backups of original media.
