ffmpeg-video-editor
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A generated command could overwrite an existing output video or audio file without FFmpeg asking again.
The FFmpeg `-y` flag suppresses overwrite prompts. This is relevant because generated commands may replace an existing output file if the user reuses a filename.
Always include `-y` (overwrite) and `-hide_banner` for cleaner output
Before running a generated command, verify the output path. Remove `-y` or ask the agent to avoid overwriting unless you are sure.
The skill may generate commands that fail unless FFmpeg is already installed.
The registry metadata does not declare FFmpeg as a required binary, even though SKILL.md is built around producing `ffmpeg` commands. This appears to be an incomplete requirement declaration, not hidden code.
Required binaries (all must exist): none
Install FFmpeg from a trusted source and review generated commands before running them.
There is a small transparency concern because hidden formatting characters were present in the source text.
The neutralized artifact reports two removed control characters. Such characters can sometimes obscure text, but the provided visible content does not show deceptive instructions.
"controlCharactersRemoved": 2
If possible, inspect the raw SKILL.md before installation; do not rely on any hidden or visually ambiguous text.