Content Automator
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: content-automator
Version: 1.0.0

The `scripts/content_automator.py` file contains a critical shell injection vulnerability. The `assemble_video` function directly embeds the `title` argument into an `ffmpeg` command's `drawtext` filter without proper sanitization. When the `cmd_script` function is used, the user-provided `--title` argument is passed directly to `assemble_video`, allowing an attacker to inject arbitrary shell commands (e.g., `'; rm -rf /; echo '`) via the title. This is a severe vulnerability (Remote Code Execution risk), but there is no evidence of intentional malicious behavior (e.g., data exfiltration, backdoor installation) by the skill itself, classifying it as suspicious rather than malicious.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may consume ElevenLabs quota or incur provider-side billing tied to the configured API key.
The skill requires an ElevenLabs account API key to perform text-to-speech calls. This is disclosed and purpose-aligned, but it gives the skill delegated use of that provider account.
This skill intentionally accesses:
- `ELEVENLABS_API_KEY` from environment (for TTS API calls)
Use a dedicated or limited-scope ElevenLabs key where possible, monitor usage, and remove the environment variable when not needed.
Custom scripts or portfolio-derived trading details may be processed by a third-party TTS provider.
The script sends the generated script text to the ElevenLabs API. For the trading workflow, that generated text can include parsed portfolio value, positions, and P&L.
```python
# Excerpt from scripts/content_automator.py: the generated script text is posted to the ElevenLabs API
data = {
    "text": text,
    "model_id": "eleven_monolingual_v1",
    ...
}
response = requests.post(url, json=data, headers=headers, timeout=60)
```

Only run the skill on text and portfolio data you are comfortable sending to ElevenLabs, and review provider privacy/retention terms.
The skill can create or overwrite video outputs in the chosen directory and depends on the local ffmpeg/ffprobe binaries behaving as expected.
The skill invokes local ffprobe/ffmpeg binaries to inspect audio and assemble videos. This is central to the stated purpose and is not hidden, but it is still local command execution.
```python
# Excerpt from scripts/content_automator.py: local ffprobe/ffmpeg invocations
subprocess.run(probe_cmd, capture_output=True, text=True, check=True)
...
subprocess.run(ffmpeg_cmd, capture_output=True, check=True)
```
Use trusted ffmpeg binaries and choose an output directory where generated files and overwrites are acceptable.
Some documented commands may fail or not behave as advertised, which could waste time or create misplaced trust in the automation pipeline.
The documentation advertises a news command, while the included Python parser only defines trading, script, and templates subcommands. This appears to be an overstatement of functionality rather than malicious behavior.
```bash
# Generate news summary
python3 scripts/content_automator.py news --topic "AI agents" --sources "twitter,colony" --output ~/Videos/
```
Verify available commands with `python3 scripts/content_automator.py --help` before relying on the documented examples.
