TikTok Clipper
Pending: Static analysis audit pending.
Overview
No static analysis result has been recorded yet. Pattern checks will appear here once the artifact has been analyzed.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill can change the local Python environment and execute newly downloaded package code before the user has explicitly reviewed or pinned that dependency.
If the OpenAI package is missing, running transcription fetches and installs an unpinned dependency at runtime and uses `--break-system-packages`, which can modify the local Python environment without a separate install review.
except ImportError: subprocess.run([sys.executable, "-m", "pip", "install", "--break-system-packages", "-q", "openai"], check=True)
Declare the dependency in an install spec or requirements file, pin the OpenAI package version, install inside a virtual environment, and avoid `--break-system-packages` or require explicit user approval before installing.
Your selected video or audio content is sent to OpenAI for transcription, and usage may be billed to your OpenAI account.
The skill uses an OpenAI API key and sends the extracted audio file to OpenAI Whisper. This matches the stated transcription feature, but it still exercises account and billing authority that users should be aware of.
client = OpenAI(api_key=os.environ.get("OPENAI_API_KEY")) ... client.audio.transcriptions.create(model="whisper-1", file=f, ...)
Use a dedicated OpenAI API key, monitor usage, and avoid processing videos containing confidential audio unless sending them to OpenAI is acceptable.
Audio and transcript content from the source video may remain locally after the clip is created.
The transcription flow stores extracted audio in a fixed temporary path and writes the full transcript to disk. These are expected processing artifacts, but the temp audio is not shown being cleaned up.
audio_path = "/tmp/whisper_extract.mp3" ... json.dump(result, f, ensure_ascii=False, indent=2)
Delete temporary audio and transcript files when finished, or update the skill to use per-run temporary files with cleanup.
