clip-editor

Key things to consider before installing or running this skill: - Network/data exfiltration: The code extracts frames and text and will send them to external APIs (Qwen-VL endpoint, Anthropic/Claude, edge-tts). If you will process private or copyrighted video, assume those fragments may be transmitted to third parties unless you review and disable those calls. - Undeclared requirements: The skill uses ffmpeg/ffprobe and will attempt to pip-install packages at runtime. The registry metadata does not declare these dependencies or install steps. Running it may modify your Python environment (the scripts use --break-system-packages). - Credentials: The scripts look for QWEN_API_KEY and ANTHROPIC_API_KEY (and will use them if present). The package did not declare these env vars. Only provide API keys if you trust the skill and understand which remote services will receive your data. - Mitigations: Run the skill in a sandboxed environment or VM, inspect the code locally, or run with network disabled if you only want local Whisper/edge-tts. Prefer creating an isolated Python virtualenv before running so the automatic pip installs cannot alter your system Python. Ask the publisher to update the registry metadata to declare required binaries, explicit optional env vars, and a proper install spec. - When in doubt: do not supply API keys or private video to this skill until the above inconsistencies are resolved or you run it in an isolated/safe environment.