TikTok Clipper
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its video-clipping purpose, but it needs review because it can auto-install an unpinned Python package and uses OpenAI to process uploaded audio.
Review before installing. Run it in a virtual environment, preinstall and pin dependencies yourself, provide an OpenAI key only if you are comfortable sending selected audio to OpenAI, and clean up temporary audio/transcript files after use.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill can change the local Python environment and execute newly downloaded package code before the user has explicitly reviewed or pinned that dependency.
If the OpenAI package is missing, running transcription fetches and installs an unpinned dependency at runtime and uses `--break-system-packages`, which can modify the local Python environment without a separate install review.
except ImportError: subprocess.run([sys.executable, "-m", "pip", "install", "--break-system-packages", "-q", "openai"], check=True)
Declare the dependency in an install spec or requirements file, pin the OpenAI package version, install inside a virtual environment, and avoid `--break-system-packages` or require explicit user approval before installing.
Your selected video or audio content is sent to OpenAI for transcription, and usage may be billed to your OpenAI account.
The skill uses an OpenAI API key and sends the extracted audio file to OpenAI Whisper. This matches the stated transcription feature, but it is still account and billing authority that users should notice.
client = OpenAI(api_key=os.environ.get("OPENAI_API_KEY")) ... client.audio.transcriptions.create(model="whisper-1", file=f, ...)Use a dedicated OpenAI API key, monitor usage, and avoid processing videos containing confidential audio unless sending them to OpenAI is acceptable.
Audio and transcript content from the source video may remain locally after the clip is created.
The transcription flow stores extracted audio in a fixed temporary path and writes the full transcript to disk. These are expected processing artifacts, but the temp audio is not shown being cleaned up.
audio_path = "/tmp/whisper_extract.mp3" ... json.dump(result, f, ensure_ascii=False, indent=2)
Delete temporary audio and transcript files when finished, or update the skill to use per-run temporary files with cleanup.