Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Poker Clip
v1.0.0Automatically cuts poker tournament videos into complete hand clips in vertical 9:16 format with subtitles and unique hooks for TikTok/YouTube Shorts.
⭐ 0· 51·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to require no binaries or credentials, but README and the scripts clearly expect Python 3.10+, ffmpeg on PATH, and the 'whisper' transcription library. That mismatch between declared requirements (none) and actual needs is a coherence problem.
Instruction Scope
Runtime instructions are narrowly scoped to local video transcription, segmentation, subtitle and hook overlay, and editing code to add signals. However SKILL.md and README reference additional helper scripts (analyze_hands.py, check_overlap.py, debug_signals.py, fix_hooks.py, check_clip5_boundary.py) that are not present in the file manifest; the instructions also suggest using a larger transcription model ('large-v3') without clarifying whether that is local or cloud-based. No external network exfiltration endpoints are present in the code.
Install Mechanism
There is no install spec (instruction-only), so nothing is downloaded automatically. The included scripts will write files into the workspace and call ffmpeg and whisper locally. This is a relatively low install risk, but the manifest omission of ffmpeg/whisper is misleading.
Credentials
The registry lists no required environment variables or credentials and the code does not read secrets, which is appropriate. But the README and SKILL.md imply large transcription models may be used (local heavy models or possibly cloud-hosted variants), and that would require significant local resources or API keys — the skill does not declare or document that tradeoff. The mismatch between declared zero env/deps and actual runtime needs is the core proportionality concern.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide configuration. It does include a fix_paths.py script which edits files within the skill to convert hard-coded absolute paths into dynamic ones — that modifies local skill files but not outside resources. This is limited scope but worth noting.
What to consider before installing
This skill appears to do what it says (detect hands, transcribe, cut clips, overlay subtitles/hooks) but contains inconsistencies and some buggy/sloppy code. Before running it: 1) Don’t run it on sensitive videos or on a machine with sensitive data. 2) Confirm and install required software: Python 3.10+, ffmpeg on PATH, and the whisper transcription package (pip install openai-whisper or equivalent). 3) Inspect the scripts locally — several helper scripts the docs mention are missing, and poker_clipper.py contains at least one coding mistake (an undefined variable in the trailing-hand code path), so expect bugs. 4) If you need larger transcription models, ask the maintainer whether those are local models or cloud APIs (which would require API keys). 5) Run the skill in an isolated/test workspace (or VM/container) first. If you’re unsure, request the maintainer to: update registry metadata to list ffmpeg/whisper as requirements, provide the missing helper scripts (or remove references), and fix the obvious code issues before you install.Like a lobster shell, security has layers — review code before you run it.
latestvk9778pbrwwv670ggwgjam0jj0983smvx
License
MIT-0
Free to use, modify, and redistribute. No attribution required.