reelgrep
PassAudited by ClawScan on May 18, 2026.
Overview
The skill appears to be a read-only local video-library search server, but its results can expose private transcript and file-path information to your chat agent.
This looks appropriate if you want a chat agent to search your local reelgrep video index. Before installing, make sure the configured database does not contain videos, subtitles, filenames, or person-search/export metadata you would not want surfaced in chat, and install the npm package from a source you trust.
Publisher note
Reads ~/.local/share/reelgrep/index.sqlite in readonly mode via better-sqlite3. No network access. No credentials. Path overridable via REELGREP_DB_PATH.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private video transcripts, filenames, paths, and related search/export metadata may become visible in chat responses when the tool is used.
The skill intentionally retrieves persistent local index content and returns video transcript matches to the agent context.
`reelgrep_search_subtitles` ... `FTS5 search over every subtitle cue` ... `otherwise searches across the whole library`
Only point the skill at a reelgrep database whose contents you are comfortable making available to your MCP client and chat agent.
Installing or running the MCP server executes code from this package and its dependencies on the local machine.
The package installs and runs a Node entry point with npm dependencies; this is expected for an MCP server but depends on the npm supply chain.
`"bin": { "reelgrep-mcp": "./dist/index.js" }` and dependencies including `"@modelcontextprotocol/sdk": "^1.29.0"`, `"better-sqlite3": "^11.0.0"`, `"zod": "^3.23.0"`Install from the trusted package/source, consider pinning versions where your MCP client supports it, and keep dependencies updated.