Video Subtitles

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

First run may download large files and install Python dependencies before transcription works.

Why it was flagged

The skill discloses that first use can fetch dependencies and large model files. This is expected for local Whisper-style transcription, but it means the user is trusting external package/model sources and using significant disk space.

Skill content

- **uv**: Python package manager (auto-installs dependencies)
- **Models**: ~3GB each, auto-downloaded on first use

Recommendation

Install only if you are comfortable with uv-managed Python dependencies and model downloads; run it in an environment with enough disk space.

What this means

Existing output files with the same name could be replaced during subtitle burn/embed operations.

Why it was flagged

The script invokes ffmpeg to embed or burn subtitles, and the '-y' flag allows overwriting the selected output path. This is purpose-aligned, but users should be aware it mutates local files.

Skill content

cmd = [ffmpeg_bin, '-y', '-i', video_path, ... output_path]
result = subprocess.run(cmd, capture_output=True, text=True)

Recommendation

Use explicit output paths you are comfortable overwriting and keep originals or backups of important media.

What this means

Subtitle text from private media may briefly exist in a predictable temporary file during processing.

Why it was flagged

Generated subtitle text is temporarily written to a fixed /tmp path before ffmpeg processing and then deleted. This is a normal implementation pattern for ffmpeg, but the fixed path can briefly expose or collide with subtitle content on shared systems.

Skill content

srt_path = "/tmp/subtitles_temp.srt"
with open(srt_path, 'w', encoding='utf-8') as f:
    f.write(srt_content)

Recommendation

Use the skill on trusted local machines and avoid parallel runs; maintainers should prefer a unique tempfile with restrictive permissions.