Skillv1.2.0

ClawScan security

Create Edu Video · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 13, 2026, 11:09 AM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's requirements, instructions, and included script are consistent with an automated Remotion-based educational video workflow and do not request unexplained privileges or credentials.
Guidance: This skill is coherent for creating Remotion-based instructional videos, but review these points before installing/using it: - Verify and install the required local tools yourself (pnpm, Chromium, FFmpeg, edge-tts). The skill will not auto-install them. - The workflow fetches images/resources from the web and uses a 'tavily-search' sub-agent; avoid sending sensitive or proprietary course material to external searches or public asset hosts. - edge-tts may perform network calls — check its network/privacy behavior for your environment (it does not require credentials in the skill, but may contact remote TTS services). - Inspect and, if needed, vet the remotion-video-toolkit skill before installing (source/trust). The included script (scripts/sync_srt_tts.py) is local, straightforward, and calls ffprobe via subprocess to measure audio duration; run it in a safe/sandboxed environment if you have concerns. - If you need stricter data control, keep assets local and avoid the external search step; manually provide images/audio and review rendered output before sharing.

Review Dimensions

Purpose & Capability: okThe declared tools (pnpm, Chromium, FFmpeg, edge-tts) and the remotion-video-toolkit dependency are appropriate for generating Remotion videos, TTS audio, and performing audio/video processing. One minor note: the SKILL.md references using a 'tavily-search' sub-agent for web searches but does not declare it as a dependency; this is plausible but should be understood as an external search step.
Instruction Scope: noteRuntime instructions stay within video production scope: environment checks, writing SRT, running edge-tts, running the included Python script, developing Remotion code, and rendering. The workflow asks the agent to fetch images and vectors from the web (via the referenced search sub-agent) — expected for this purpose, but it means user content and queries will be sent externally during searches and asset downloads.
Install Mechanism: okNo install spec is included (instruction-only skill). The skill does not download or install code itself; it instructs the user/agent to ensure existing local tools are present and to install Node deps in a project. This is low-risk from an installation perspective.
Credentials: okThe skill does not request environment variables or credentials. It uses local tools (ffprobe via subprocess) and edge-tts; note that edge-tts may call external services for TTS generation but the skill does not ask for cloud API keys or secrets.
Persistence & Privilege: okThe skill does not request persistent/always-on privileges (always: false) and contains no instructions to modify other skills or system-wide agent settings.