Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
FCPX Assistant
v3.0.0-betaFinal Cut Pro X (FCPX) 助手 — 全自动视频生产(从主题到发布)、TTS 配音、素材搜集、自动成片、调色、B-roll 插入、FCP 项目管理、剪辑辅助。触发词: FCPX, FCP, Final Cut, 做视频, 自动成片, 配音, voiceover, 素材, 导入素材, 导出, 发布...
⭐ 0· 144·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
high confidencePurpose & Capability
The scripts and SKILL.md implement video production, FCP control (osascript), TTS, media collection, and publishing — all coherent with the skill name. However, the ai-script-generator expects a DASHSCOPE_* API (DASHSCOPE_API_KEY, DASHSCOPE_API_BASE, DASHSCOPE_MODEL) and defaults to a non-standard endpoint (dashscope.aliyuncs.com) which is not documented in the SKILL.md summary or registry metadata. The package.json version (2.4.2-beta) also doesn't match the registry metadata version (3.0.0-beta), and the skill claims no required env vars while code clearly uses several.
Instruction Scope
Runtime instructions direct running many shell scripts (ffmpeg, edge-tts, whisper, osascript) and starting a web UI on localhost:7861. The scripts will create config files under $HOME/.fcpx-assistant/publish and instruct users to paste website cookies (via browser dev tools) into JSON files — this is sensitive because cookies can grant account access. ai-script-generator sends prompts and topics to an external API endpoint (dashscope) using an API key environment variable; that transmits user-provided topics and generated content off-host. These credential- and data-transmission actions are outside what the registry metadata declared.
Install Mechanism
No install spec is provided (instruction-only install), and all files are included in the bundle. There are no remote downloads or URL shorteners in the included files. The risk surface comes from executing provided scripts, not from an external installer fetching arbitrary archives.
Credentials
Registry metadata declares no required environment variables or credentials, but scripts reference multiple sensitive config points: DASHSCOPE_API_KEY / DASHSCOPE_API_BASE / DASHSCOPE_MODEL in ai-script-generator.sh; optional PEXELS_API_KEY and PIXABAY_API_KEY in references; and platform publishing credentials/cookies stored under ~/.fcpx-assistant/publish/*.json (bilibili/youtube/tiktok/xiaohongshu). The skill asks users to copy browser cookies into config files — a high-risk operation. These environment/credential needs are not declared in the skill metadata and are disproportionate to the transparency expected.
Persistence & Privilege
The skill does not set always:true and does not request system-wide privilege. It writes configuration to a per-user directory (~/.fcpx-assistant) and launches a local web UI; both are normal for this class of tool. There is no evidence it modifies other skills or global agent settings.
What to consider before installing
What to consider before installing/running this skill:
- Hidden API key requirement: The ai-script-generator script requires DASHSCOPE_API_KEY (and optionally DASHSCOPE_API_BASE/MODEL). The skill metadata declared no env vars, so if you run the generator it will fail or attempt to call the default external endpoint (dashscope.aliyuncs.com). Treat that external API as a third party that will receive your topics and prompts.
- Cookie-based publishing is sensitive: The auto-publish flow asks you to paste browser cookies into JSON files stored under ~/.fcpx-assistant/publish/*.json. Cookies can grant access to your accounts; do not paste cookies unless you understand the risk. If you must use automatic publishing, prefer OAuth/official APIs and limit file permissions (chmod 600) and consider using service accounts with limited scope.
- Local web UI: start-webui.sh launches a local server on http://localhost:7861. Running a web UI increases attack surface; review webui/app.py before exposing it, and do not run it on a machine with sensitive data unless you trust the code.
- Default external AI endpoint: The scripts default to a non-standard 'DASHSCOPE' API. If you prefer local models or a provider you control, modify the scripts to use your provider or require an explicitly set API_BASE/API_KEY.
- Inspect and sandbox: Because the bundle includes many executable shell and Python scripts, review the code (you have it) and run it in an isolated environment (VM or disposable macOS machine) before using on your main workstation. Pay attention to any scripts that use curl/eval/eval of constructed commands or write files in home directories.
- Avoid pasting passwords: The skill suggests cookies instead of passwords; don't store plaintext passwords in these JSON files. Use least-privileged credentials and rotate them.
- Miscellaneous: Owner and homepage are unknown; package.json and registry versions mismatch. These are signs of low provenance — prefer well-documented sources or fork and harden the scripts yourself before trusting them.
If you want, I can: (1) point to the exact lines that reference each credential/cookie, (2) suggest safe edits to avoid external API calls, or (3) produce a checklist for sandboxed testing of the skill.Like a lobster shell, security has layers — review code before you run it.
latestvk971j039dm7cg98fzp85y3tj8184a0tw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.