Tracked Video Analysis
PassAudited by ClawScan on May 10, 2026.
Overview
This video-analysis skill is coherent and locally scoped, but users should notice that it runs local media tools, may require local npm dependencies, and leaves transcript/summary files on disk.
This appears safe for its stated purpose. Before installing or using it, be aware that it may install local npm packages, run ffmpeg/ffprobe on your chosen video, and create transcript/summary files in the working directory. Use a dedicated folder and remove outputs afterward if the video is private.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill can execute local media-processing binaries and consume CPU/disk while processing the selected video.
The script executes local ffmpeg/ffprobe tooling to process the video. This is expected for the skill's purpose, uses argument arrays rather than a shell command string, and is scoped to the configured video path.
execFileSync(ffmpegPath, ['-v','error','-y','-i', VIDEO, '-ss', String(start), '-t', String(end - start), '-ar','16000','-ac','1','-f','wav', chunkFile], { stdio: 'pipe' });Run it only in the intended working directory on videos you meant to analyze, and keep ffmpeg-related dependencies up to date.
Installing unpinned local packages may pull code from the package registry that is outside the reviewed artifacts.
The skill discloses workspace-local dependency use, but the provided artifacts do not include pinned versions or a lockfile/install spec for those packages.
Useful local tools: - `ffmpeg-static` - `ffprobe-static` - `@xenova/transformers` - `wavefile` If root/elevated package install is blocked, do **not** stall the task—install locally in the workspace when possible.
Prefer pinned package versions or review the npm install plan before allowing dependency installation.
Private or confidential video content may remain on disk as transcript and analysis files after the task finishes.
The workflow intentionally persists transcripts, progress logs, and summaries derived from the video. This is purpose-aligned, but those files may contain sensitive video content.
Extraction should produce: - `tmp/video_analysis/status.json` - `tmp/video_analysis/progress.log` - `tmp/video_analysis/transcript.jsonl` - `tmp/video_analysis/analysis.md`
Use a dedicated workspace for sensitive videos and delete tmp/video_analysis outputs when they are no longer needed.