v2.0.0

Auto Video Editor

Benign
ClawScan verdict for this skill. Analyzed May 1, 2026, 8:38 AM.

Analysis

The skill appears to be a coherent local video-editing tool, with expected risks from running media-processing commands, installing dependencies, and indexing project media.

Guidance

Install this if you are comfortable with a local video-editing workflow that runs Python/ffmpeg and optional npm tools. Use a dedicated project folder, review dependency installation, confirm transcript edits and render settings, and avoid scanning unrelated private directories.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: Info | Confidence: High | Status: Note
docs/plans/2026-03-29-video-skill-v2.md
For Claude: REQUIRED SUB-SKILL: Use superpowers:executing-plans to implement this plan task-by-task.

A non-runtime development plan contains direct instructions to an AI agent to invoke another sub-skill. This is not part of the normal video-editing workflow, but could redirect an agent if the plan file is treated as operational instructions.

User impact: If an agent reads this plan as instructions, it may shift from editing videos to modifying the skill implementation.
Recommendation: Treat docs/plans content as developer reference only; remove or clearly mark AI-directed plan text if packaging this skill for normal users.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
README.md
The AI automatically invokes each script to complete the entire editing workflow.

The skill explicitly expects the agent to run local scripts as part of the editing workflow. This is central to the skill's purpose, but it means the agent will process local files and create project outputs.

User impact: The skill can read the media paths you provide and generate or edit local project files such as transcripts and rendered videos.
Recommendation: Use a dedicated project folder, review render_config/output paths, and keep backups of original media and transcripts.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
remotion-standup/package.json
"@remotion/cli": "^4.0.0", "react": "^18.3.0", "typescript": "^5.4.0"

The optional Remotion workflow depends on npm packages specified with version ranges, so installed versions may vary over time. This is expected for a Remotion video-rendering workflow, but users should be aware of the third-party dependency surface.

User impact: Running npm install for the Remotion workflow downloads and runs third-party package code in the local project environment.
Recommendation: Install dependencies from trusted registries, consider adding a lockfile or pinned versions, and review dependency versions before use.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
SKILL.md
Scan all video/audio/image files ... extract metadata such as duration, resolution, and frame rate ... JSON index (`media_index.json`) ... SQLite index (`media_index.db`)

The media-library feature stores a persistent local index of project media metadata and transcript associations. This is purpose-aligned for searching and organizing video assets, but it creates retained project context.

User impact: The local index can reveal what media files exist in the chosen project and related metadata or transcript links.
Recommendation: Point the scan only at intended project directories and delete media_index.json/media_index.db when the index is no longer needed.