Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Auto Clipper
v1.0.0Automatically create clips and videos from media files in a specified folder. Uses Agent Swarm for intelligent task delegation and supports cron-based schedu...
⭐ 0· 430·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description match the implementation: the Python script scans a configured watch folder, uses ffprobe/ffmpeg to inspect and create clips, tracks processed files, and provides a cron launcher. Declared dependencies (ffmpeg/ffprobe, agent-swarm integration) align with the code and README. There are no unrelated requests (no AWS or unrelated cloud credentials).
Instruction Scope
SKILL.md and scripts restrict actions to filesystem scanning, ffmpeg/ffprobe invocations, and writing outputs/logs under the skill directory (and the configured watch/output folders). There are no instructions to read unrelated system files, enumerate credentials, or post data externally. The Agent Swarm analysis path is a placeholder and currently prints a message rather than sending files or metadata off-host.
Install Mechanism
No install spec is provided (instruction-only + shipped scripts). That is low-risk: nothing is downloaded or executed at install time. The runtime depends on locally installed ffmpeg/ffprobe and Python 3, which is documented. All code is present in the bundle so no remote fetch is required.
Credentials
The skill declares no required environment variables or credentials and the code operates locally. However, it advertises Agent Swarm and optional notifications (Discord/WhatsApp/OpenClaw message). Those features would require external service credentials or platform-provided gateway config when enabled — but the shipped code does not include credential usage or exfiltration paths. If you enable analysis/notifications you should ensure appropriate API keys are provided by the platform and understand what media/metadata will be sent.
Persistence & Privilege
always is false (no forced inclusion). The skill runs as a user cron job or manually; it writes a lock file and processed.json under its own skill directory. It does not modify other skills or system-wide agent settings. Cron integration is user-controlled.
Assessment
This skill appears to do what it says: it scans a watch folder and uses ffmpeg/ffprobe to create clips. Before installing or scheduling it: 1) Install ffmpeg/ffprobe and run the Python script manually once to confirm behavior. 2) Review and set config.json.watchFolder and outputFolder to avoid pointing the skill at sensitive directories. 3) Keep notifications and Agent Swarm analysis disabled until you verify how your OpenClaw platform provides/handles any API keys — enabling those features could transmit video metadata or clips off-host. 4) Because the cron examples use explicit user paths, update the crontab entry to the correct path for your environment. 5) If you have strict security requirements, run the script in a constrained environment (non-privileged account or container) since it will read and write files and invoke ffmpeg locally.Like a lobster shell, security has layers — review code before you run it.
latestvk976fyskd119bsxw68q03xhhmx81xz3q
License
MIT-0
Free to use, modify, and redistribute. No attribution required.