ClawdBites

The skill is classified as suspicious due to its reliance on powerful shell commands (`yt-dlp`, `ffmpeg`, `whisper`) and external API calls (implied Claude Vision API for frame analysis), which are inherently high-risk capabilities. While these actions are plausibly needed for the stated purpose of extracting recipes from Instagram reels, and there's no clear evidence of malicious intent like data exfiltration or unauthorized remote control, the broad access to shell execution and external network communication without stringent input sanitization or sandboxing raises concerns. The `SKILL.md` also contains strong directives to the AI agent (e.g., 'ALWAYS follow this complete flow', 'Automatically proceed to audio transcription'), which, while currently aligned with the skill's purpose, demonstrate a potential for prompt injection if the instructions were to be subtly altered for malicious ends.