ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Upload Video Compressor

v1.0.0

Compress oversized videos into upload-ready files for creators, ecommerce teams, and operators while keeping practical clarity. Use when a video is too large...

0· 69·0 current·0 all-time
byLeroyCreates@leooooooow
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description match: compress videos for upload-ready output. However, the skill claims to produce an upload-ready version (a file) yet declares no required binaries, no install steps, and no access paths for input/output files. This is plausible if the skill only returns a plan, but the wording implies performing compression, creating an incoherence between claimed capability and declared requirements.
!
Instruction Scope
SKILL.md focuses on a workflow and expected outputs but contains no concrete runtime commands, no guidance about which compressor (e.g., ffmpeg) to call, and no description of how the agent should access the 'Source video file' or return a binary output. Instructions do not reference any external endpoints or credentials (good), but they are open-ended about file I/O and agent actions, granting broad discretion without specifying limits.
Install Mechanism
There is no install spec and no code files — lowest-risk from an installation perspective. Because nothing is downloaded or written by an install step, there is no immediate supply-chain download risk.
Credentials
The skill requests no environment variables, no credentials, and no config paths. That is proportionate given the lack of concrete runtime behavior, but it reinforces the ambiguity: if the skill were to actually perform compression it would normally require tools or file access which are not declared.
Persistence & Privilege
always is false and the skill is user-invocable only. It does not request persistent elevation or modification of agent-wide settings. No red flags in persistence or privilege are present.
What to consider before installing
This skill appears coherent as a high-level advisor (giving a compression plan and tradeoffs) but its language implies it will produce an actual compressed file. Before installing or running it, ask the author: (1) Does the skill actually perform compression or only return a plan/commands? (2) If it performs compression, which binaries (e.g., ffmpeg) or services does it require, and how will it access the source video and return the compressed file? (3) Will it ever attempt to upload files to external endpoints or ask for storage credentials? If you want the agent to perform file-level operations, prefer a version that declares required tools and explicit file-access behavior; otherwise treat this as a planning-only helper and test it first with non-sensitive dummy files.

Like a lobster shell, security has layers — review code before you run it.

latestvk970xhd8tgf7hgzpajvb28qr5x83a3z1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments