Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
百度智能云VOD视频翻译
v1.0.2百度智能云VOD视频翻译工具。支持字幕翻译和语音翻译(配音),支持用户上传字幕、自定义字幕样式,支持批量处理文件夹中的视频,处理后可下载到本地或上传到网盘。当用户提及"视频翻译"、"翻译视频"、"把视频翻译成XX语"时触发。
⭐ 0· 66·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
Name, description, SKILL.md and the included scripts all implement a Baidu VOD (vod.bj.baidubce.com) translation workflow (upload media, create projects/tasks, translate subtitles/tts). Requiring BAIDU_VOD_AK/BAIDU_VOD_SK is reasonable for this purpose, but the skill registry metadata lists no required env vars while both SKILL.md and scripts explicitly require those credentials — an inconsistency that should be corrected.
Instruction Scope
SKILL.md limits runtime actions (collect parameters, require user confirmation, then run python3 scripts). It explicitly instructs the agent to scan local folders (Glob) and export BAIDU_VOD_AK/BAIDU_VOD_SK before running. These file-system and credential accesses are within the scope of video translation, but they do mean the agent will read local files and use user credentials — expected but worth noting.
Install Mechanism
There is no install spec (instruction-only) and code files are included; that is lower-risk than arbitrary remote downloads. However the scripts import third-party Python modules (requests) and call external tools (subprocess calls for Baidu Netdisk/`bdpan`) but the skill metadata only declares python3 as a required binary and lists no Python package dependencies. Missing dependency declarations and reliance on external CLI tools are an operational and coherence concern.
Credentials
The code and SKILL.md require BAIDU_VOD_AK and BAIDU_VOD_SK (and implicitly may rely on a logged-in Baidu Netdisk CLI), but the registry metadata lists no required environment variables. Requesting Baidu VOD credentials fits the stated purpose, but failing to declare them in metadata is an incoherence that could mislead users. No other unrelated credentials are requested.
Persistence & Privilege
The skill is not marked always:true and does not request elevated or persistent system-wide privileges. It does interact with local files and may invoke external CLIs (e.g., bdpan) but does not attempt to modify other skills or system configs in the provided files.
What to consider before installing
This skill appears to be a real Baidu VOD translator, but there are mismatches you should resolve before installing. Verify that you are comfortable providing BAIDU_VOD_AK and BAIDU_VOD_SK (the scripts will require them); run the code in an isolated environment if possible. Check that Python dependencies (notably the 'requests' library) and any external CLI tools (e.g., Baidu Netdisk/`bdpan`) are available or declared. Ask the publisher to fix the metadata so required env vars and dependencies are declared, and review the scripts yourself (or have a trusted reviewer do so) to confirm there are no hidden endpoints or unexpected behaviors before running with your credentials or sensitive files.Like a lobster shell, security has layers — review code before you run it.
latestvk973a2fnwka6jxbf00pxcbhjeh8515zr
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Binspython3