Directoryahu
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: director
Version: 1.0.0
The skill bundle is suspicious due to multiple potential prompt injection and shell injection vulnerabilities across several agents. The `story_agent.md` describes 'web search' and 'file read' capabilities, which, if not properly sanitized, could be exploited for unauthorized data access or local file inclusion. The `script_agent.md`, `visual_agent.md`, and `voice_agent.md` are vulnerable to prompt injection (including SSML injection) as they dynamically construct prompts for TTS and image generation APIs from upstream agent outputs. Additionally, the `assembly_agent.md` uses FFmpeg commands that could be susceptible to shell injection if file paths or other arguments are derived from untrusted input.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If granted broadly, the agent could read or write files outside the intended video project or run media-processing commands on unintended inputs.
The skill asks for a broad media-production toolchain, including local file access and FFmpeg. This is central to the stated video-generation purpose and is disclosed, but it should be scoped.
Attach tools to each agent ... web search ... file read ... image generation API ... ElevenLabs / OpenAI TTS API ... FFmpeg, file system access
Limit file-system access to the project, assets, and output directories, and review generated FFmpeg/API operations before using them on important files.
Using provider APIs may consume paid quota or send generated narration text to the configured provider account.
The workflow expects third-party TTS providers that commonly require account credentials or API keys. The artifacts do not show hardcoded secrets or credential leakage.
Tools Required - ElevenLabs API or OpenAI TTS API
Use project-specific API keys with spending limits where possible, and avoid giving social-platform or unrelated account credentials unless separately reviewed.
Users may need to manually verify how dependencies and helper scripts are wired before relying on the pipeline.
The registry provenance and setup metadata are limited even though the package includes an orchestrator file and references external tooling. This is a transparency/setup note, not evidence of malicious behavior.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill; Code file presence: orchestrator.py
Review the included files, configure dependencies yourself from trusted sources, and avoid running additional unreviewed helper code.
Story outputs, script text, prompts, file paths, and errors may remain in local state files or logs after the video is generated.
The orchestrator intentionally writes pipeline state and logs locally so work can resume after each stage.
State persisted to disk after each stage for resume capability ... logging.FileHandler("pipeline.log")
Do not feed private or sensitive material into the pipeline unless you are comfortable with it being stored locally, and delete logs/output state when no longer needed.
