Back to skill
Skillv1.4.0
ClawScan security
AI Video Upscale · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 20, 2026, 2:19 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's files and runtime instructions match its stated purpose (local video upscaling using Real-ESRGAN/Waifu2x); nothing requests unrelated secrets or surprising system access.
- Guidance
- This skill appears coherent with its purpose: it runs local upscaling tools (Real-ESRGAN / Waifu2x) via a wrapper script. Before installing or running: (1) verify the GitHub release URLs and checksums for the prebuilt binaries you download, (2) inspect and run the script in a controlled environment—it will extract many frames and can use lots of CPU/GPU, disk, and memory, (3) note the default cache path (~/.openclaw/cache/video-upscale) and the 5-minute max duration limit in the script (adjust if you expect longer inputs), and (4) ensure you trust the prebuilt binaries (they run as local executables). If you want additional assurance, build the upscalers from source or run them in an isolated container/VM.
Review Dimensions
- Purpose & Capability
- okName/description, SKILL.md, INSTALL.md and the provided script all focus on local video upscaling. Declared required binaries (ffmpeg, bc, md5sum) and downloads of Real-ESRGAN/Waifu2x releases are consistent with the stated functionality.
- Instruction Scope
- okRuntime instructions and the script operate on local files only: extract frames, call local upscaling binaries, re-encode, and cache results. The script does not read unrelated system files, network endpoints, or secret env vars. It does create a cache directory under ~/.openclaw by default.
- Install Mechanism
- noteThere is no automated install spec in the skill bundle (instruction-only), but INSTALL.md instructs the user to curl GitHub release zip files and unzip them into ~/video-tools. Those are standard GitHub release URLs (traceable) but downloading and executing prebuilt binaries always carries the usual trust risk—user should verify release source/checksums before running.
- Credentials
- okNo credentials or sensitive env vars are requested. INSTALL.md suggests optional environment variables that only point to local tool locations and a cache path. The environment access is proportional to the task.
- Persistence & Privilege
- okSkill does not request always:true, does not modify other skills, and is run on-demand. It writes cache under a user-local path and creates temporary working directories; this is within expected scope.