Skill v1.0.2
ClawScan security
视频去除水印 (Video Watermark Removal) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 18, 2026, 3:25 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's scripts and documentation are consistent with a video parser, but it depends on opaque, closed-source binaries that are not included or auditable in the package and contain small manifest inconsistencies — this raises practical and security concerns before running anything.
- Guidance: This skill appears to do what it says at the script level, but its core functionality is inside closed-source binaries that are not included or auditable in the package — that is the primary risk. Before installing or running: 1) obtain the actual binaries and verify they come from a trusted source and have published checksums or signatures; 2) prefer source or audited builds; 3) if you must run them, do so in a sandbox/VM or isolated container and monitor network traffic; 4) avoid running on machines with sensitive credentials or data available; 5) ask the publisher for source code or reproducible build instructions and a Linux binary if you need Linux support. If the author cannot supply verifiable binaries or source, treat this package with caution.
Review Dimensions
- Purpose & Capability (note): Name/description, scripts, and README all describe a local video parsing/no-watermark tool, and the scripts only invoke a local 'parse-video-<os>-<arch>' binary, which is coherent with the stated purpose. However, the package claims local binaries exist, but the listed assets are missing from the provided files, and the README/platform listing mismatches (a Linux binary is referenced in the scripts but not in the README assets). The README explicitly states the binary is closed-source ('不开源可执行文件', i.e. "closed-source executable"), which is expected for a binary-only parser but reduces auditability.
- Instruction Scope (note): SKILL.md and the two shell scripts remain narrowly scoped: they detect OS/arch, make a shipped binary executable, then run it with 'parse <url>' or 'serve -p <port>'. The instructions do not tell the agent to read unrelated files or env vars. Concern: the actual network activity and data handling are delegated to an opaque binary (not present for review), so the runtime behavior (what is sent/received, whether other local files are read) cannot be verified from these instructions alone.
- Install Mechanism (concern): There is no install spec (instruction-only), which limits supply-chain risk from installers — but the skill relies on prebuilt binaries under assets/. Those binaries are not included in the provided file list; the README enumerates some assets, but they don't match the scripts' expectations (the scripts expect a Linux binary too). Running unknown, closed-source binaries is high-risk because they could perform hidden network I/O or local data access; no checksums, no source, and no authoritative release URLs are provided.
- Credentials (note): The skill declares no required env vars or credentials, and the scripts do not read environment variables or config files. That is proportionate. Nonetheless, because the core logic runs in an opaque binary, that binary could request or transmit secrets at runtime; the lack of declared env requirements makes such behavior non-obvious and harder to detect.
- Persistence & Privilege (ok): The skill is not marked 'always:true' and doesn't request persistent system configuration. The serve mode runs a local HTTP server (expected for a local UI), but that is limited in scope and user-invoked.
