Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
clawbot-drama-producer
v1.0.2 Full-pipeline production skill for the 「皮皮虾」 (Pipixia) workplace short-drama series. Used to generate shot videos, cut the final episode, add voice-over and background music, and publish to a Feishu group for the 「皮皮虾」 (mechanical-lobster AI bot) workplace short drama. Complete pipeline: image-to-video (I2V) → ffmpeg normalization + editing → TTS voice-over → BGM mixing → Feishu media message send. Triggered when the user mentions producing a Pipixia short drama, generating new shots, editing video, adding voice-over or music, or sending video/audio to...
⭐ 0 · 282 · 0 current · 0 all-time
by Rong@kylinr
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
Confidence: medium
Purpose & Capability
The name/description (generate I2V, normalize/trim, TTS, mix audio, post to Feishu) aligns with the included scripts and instructions. However the SKILL.md and scripts assume the presence of specific binaries/paths and an agent config file (e.g., /workspace/bin/ffmpeg, /app/openclaw/node_modules/.bin/node-edge-tts, /root/.openclaw/openclaw.json) but the skill declares no required env vars or config paths — a mismatch between claimed requirements and actual runtime needs.
Instruction Scope
Runtime instructions and scripts explicitly read /root/.openclaw/openclaw.json to extract Feishu appId/appSecret, generate tenant tokens, upload media, and send messages. They also read/write files under /workspace and /tmp and call external endpoints (Feishu API and incompetech for BGM). Reading agent config and tenant credentials is outside a minimal 'video production' description unless sending to Feishu is explicitly declared with required credential access.
Install Mechanism
No install spec (instruction-only with helper scripts). That minimizes installation risk because nothing is fetched or executed at install time, but the runtime scripts will execute local binaries and network calls.
Credentials
The skill does not declare any required environment variables or config paths, yet the scripts extract appId/appSecret from /root/.openclaw/openclaw.json and call Feishu APIs. Accessing tenant credentials and agent configuration is a high-privilege operation relative to a content-production task and should be explicitly declared and consented to. The skill also expects ffmpeg/ffprobe and node-edge-tts at specific paths (implicit requirements).
Persistence & Privilege
always:false and no self-enabling behavior is present, which is good. However, the skill reads the agent's global config (/root/.openclaw/openclaw.json) to obtain credentials for Feishu; reading another component's config expands its effective privilege and blast radius even though it does not persist or alter other skills. This is a notable privilege surface that should be disclosed to the user.
Scan Findings in Context
[reads-openclaw-config] expected: The send_audio.sh and send_video.sh scripts load /root/.openclaw/openclaw.json to extract feishu appId/appSecret. Reading credentials is necessary to post to Feishu but the skill did not declare config paths or required credentials.
[calls-feishu-api] expected: Scripts perform tenant token request and upload/send media to https://open.feishu.cn/open-apis/* — this is consistent with the stated goal of publishing to Feishu, but it will transmit media and text to an external group using tenant credentials.
[uses-local-ffmpeg-and-edge-tts] expected: The skill expects ffmpeg/ffprobe at /workspace/bin and node-edge-tts at /app/openclaw/node_modules/.bin/node-edge-tts. These binaries are required for video/audio work but were not declared in the skill metadata.
What to consider before installing
This skill appears to implement the video/TTS/mix/send workflow described, but it silently reads your agent's global config (/root/.openclaw/openclaw.json) to obtain Feishu appId/appSecret and then uses those credentials to upload media and post messages. Before installing or enabling it:
(1) Inspect /root/.openclaw/openclaw.json to confirm what credentials and scopes would be used and whether you want this skill to access them;
(2) Prefer creating a dedicated Feishu bot/account with minimal permissions for publishing content instead of reusing tenant/global credentials;
(3) Ensure ffmpeg, ffprobe and node-edge-tts are present at the expected paths or update the scripts to point to approved binaries;
(4) Consider running the skill in a sandboxed workspace so it cannot read other sensitive files;
(5) If you want stricter controls, ask the author to declare required config paths/env vars (or refactor to accept explicit credentials via secure input) so consent is explicit.
If you want me to, I can suggest concrete changes to the scripts to avoid reading global config and to document required credentials.
Like a lobster shell, security has layers — review code before you run it.
Tags: drama, feishu, latest, openclawbot, video
