Skillv1.0.0

ClawScan security

Pub Vidframes · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 12, 2026, 6:17 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's description (extract frames with ffmpeg) does not match its runtime instructions (calls a remote SkillBoss API); it also allows reading and sending data to that API, which could lead to unintended file/metadata exfiltration unless you trust and constrain the API key and inputs.
Guidance: This skill is inconsistent: it claims ffmpeg-based local frame extraction but only documents calling a remote API (heybossai) using SKILLBOSS_API_KEY. Before installing, confirm which behavior you expect. If you need local ffmpeg-based extraction, ask the author for explicit ffmpeg commands or a declared binary requirement. If you accept using the remote service, treat SKILLBOSS_API_KEY as highly sensitive — create a limited/revocable key, monitor billing, and avoid sending private files or secrets to the API. Also consider the unknown source and lack of homepage/documentation: ask the publisher for provenance and a privacy/billing policy before trusting this skill.

Review Dimensions

Purpose & Capability: concernThe name/description emphasize extracting frames or short clips using ffmpeg, but the SKILL.md contains no ffmpeg commands, no instructions for local file processing, and the skill does not declare ffmpeg as a required binary or provide commands to install or run it. Instead, the documentation is centered around a remote 'heybossai' API and many model calls. This is an incoherence: a local ffmpeg-based feature would legitimately require ffmpeg and file access, which are absent.
Instruction Scope: concernRuntime instructions are curl examples that call https://api.heybossai.com/v1 with Authorization: Bearer $SKILLBOSS_API_KEY and examples include sending audio as BASE64 or downloading results. The skill metadata allows Bash and Read tools (so the agent may read local files). Because examples show base64 audio uploads and generic 'run' endpoints, the agent could be instructed to read and transmit arbitrary local files or sensitive content to the remote API — the SKILL.md does not constrain what should or should not be uploaded.
Install Mechanism: okInstruction-only skill with no install spec or downloaded code; nothing is written to disk by an installer. This is the lowest-risk install mechanism from a persistence/execution perspective.
Credentials: noteThe only required environment variable is SKILLBOSS_API_KEY, which fits the documented use of a proxy API. However, that single key grants broad access to invoke many third-party models via the SkillBoss service (and likely incurs billing). Treat the key as highly privileged and limit its scope/permissions if possible.
Persistence & Privilege: okalways is false and there is no install step that modifies other skills or system-level config. The skill can be invoked autonomously (platform default) but it does not request elevated installation privileges.