ffmpeg-video-editor
Review
Audited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (unicode-control-chars); human review is required before treating this skill as clean.
This skill appears safe to use as a command generator, but treat its output like any shell command: check the input and output filenames, avoid overwriting important files, and make sure FFmpeg is installed from a trusted source before running anything. ClawScan detected prompt-injection indicators (unicode-control-chars), so this skill requires review even though the model response was benign.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A generated command could overwrite an existing output video or audio file without FFmpeg asking again.
The FFmpeg `-y` flag suppresses overwrite prompts. This is relevant because generated commands may replace an existing output file if the user reuses a filename.
Always include `-y` (overwrite) and `-hide_banner` for cleaner output
Before running a generated command, verify the output path. Remove `-y` or ask the agent to avoid overwriting unless you are sure.
The skill may generate commands that fail unless FFmpeg is already installed.
The registry metadata does not declare FFmpeg as a required binary, even though SKILL.md is built around producing `ffmpeg` commands. This appears to be an incomplete requirement declaration, not hidden code.
Required binaries (all must exist): none
Install FFmpeg from a trusted source and review generated commands before running them.
There is a small transparency concern because hidden formatting characters were present in the source text.
The neutralized artifact reports two removed control characters. Such characters can sometimes obscure text, but the provided visible content does not show deceptive instructions.
"controlCharactersRemoved": 2
If possible, inspect the raw SKILL.md before installation; do not rely on any hidden or visually ambiguous text.
